How Attackers Could Send Your Smartphone To An Early Grave

A rare genetic disorder called progeria that causes symptoms of old age to manifest in the young has been popularized in books and movies such as Jack, a film that featured Robin Williams as a boy who aged four times faster than normal, and The Curious Case of Benjamin Button, based on a story said to be inspired by the disorder. Researchers at NYU have published a paper showing how to infect devices such as smartphones with the digital version of the disease.

In a paper titled “MAGIC: Malicious Aging in Circuits/Cores,” NYU computer scientists lay out a series of methods to attack hardware by aging integrated circuits rapidly and causing them to wear out. The effects of such an attack on a smartphone, for instance, could include slow performance or even failure of the device.

“Generally when companies manufacture integrated circuits, they are built for a lifetime. When we studied the aging process, we observed it is input dependent. If you run certain programs, you can make the degradation occur faster,” said Arun Kanuparthi, one of the authors of the paper at NYU. “What we were able to do is create a malicious program that, when you run it on a phone, can crash it in just a month.”

Why would anyone want to do that? There are many reasons that consumers — or even companies — might try to use such software to kill devices.

The first scenario the paper describes is the warranty scenario. “Let’s say you just bought a new phone,” says Kanuparthi, “and the company that manufactures that phone announces that they are launching a new model. You want that new phone, so you download this malicious app, run it on your phone, say that it is broken, and trade it in for the new model.” Essentially, the software tortures the chip to death. “Think of it this way,” says Kanuparthi. “If you eat too many cheesy puffs and drink a lot of soda, what happens to you? We essentially put the transistors in the integrated circuit under a lot of stress by force feeding them.”

The second scenario is the planned obsolescence scenario. In this scenario, a company seeking to drive sales of a newer device might intentionally degrade the performance of an older device already on the market in order to drive the consumer to upgrade. “Companies might want to force consumers to buy newer products,” says Kanuparthi. “There have been several issues — the paper cites these — of really big companies suspected of doing planned obsolescence. A Blu-ray player crashing a day before the warranty runs out, or a phone suddenly slowing down after a software patch, just before a new model is launched. Then you go to the store and try out the new phone and you see a blazing difference in the performance and are compelled to buy the new phone.”

The third scenario is the state-sponsored hardware back door. “In this attack scenario, let’s say a country purchases military equipment from another country. The country that sold the equipment might have friendly relations with its customer today, but who knows what happens ten years down the line,” says Kanuparthi. The selling country may wish to maliciously age the devices and ruin their functionality by installing a software patch.

The researchers go on to show how effective their approach is at defeating mechanisms meant to mitigate these attacks, and describe a number of methods circuit makers might use to fend off malicious aging. Future research will look at how to mitigate these attacks on a variety of processor architectures. With recent deceptions such as the Volkswagen scandal, in which embedded software tricked emissions tests, consumer watchdogs and regulators alike should pay special attention to instances of hardware obsolescence, and keep an eye out for any curious case.