What’s the first thing you think of in 2024 when someone talks about the tools needed to hack your laptop? Malware, probably. A hardware device, possibly. A piezo-electric BBQ lighter, err, what? No, seriously, one hacker has detailed exactly how they managed to get root using just such a device. Here’s how it was done.
Can You Get Root With Only A Cigarette Lighter?
Can you get root with only a cigarette lighter? That was the question that hardware hacker extraordinaire David Buchanan, found himself asking. One thing you should realize by now if you’ve read any of my work related to how security researchers and hackers use sideways thinking to uncover new exploits is that they are not like normal humans. They think differently. Very differently indeed.
TL;DR. Yes, yes, you can. But please don’t stop here, as this really is a fascinating exploration into how the hacking mindset works.
“Before you can write an exploit,” Buchanan said, “you need a bug.” But what if, as unlikely as it may sound to regular readers, there are no bugs? “When there are no bugs,” Buchanan continued, “we have to get creative—that’s where Fault Injection comes in.” So, what is fault injection? Simply put, it can be anything that you introduce to the target system that can be exploited, including software-controlled data corruption, power glitching and, importantly in the case of the BBQ lighter hack, electromagnetic pulses.
I’ve seen researchers use everything from electric toothbrushes and bicycles to x-ray specs in hacking exploits. But a BBQ lighter is a first for me, and it is truly incredible stuff. So, sit down, make yourself comfortable and we’ll begin.
Here Comes The Science Bit
Buchanan opted to use an Intel i3-powered Samsung S3520 laptop from his junk pile as the target device for this hacking experiment. Let’s be clear from the get-go: this is not a new laptop, it dates from 2011. That said, running a desktop Linux installation, Arch in this case, is perfect as a test case. After determining that the most vulnerable part of the laptop was the double data rate bus that connects dynamic random access memory to the system, Buchanan set about creating that bug mentioned earlier. To be even more specific, for which I apologize, the hacker decided to inject a fault on one of the 64 DQ pins (the data-in pin is usually called D and the data-out one Q) on the laptop memory module. “I figured that if I could inject faults on one of these pins,” Buchanan said, “I could do something interesting.”
And interesting it was.
He soldered single resistor and wire to DQ pin 26. That was it. This created a simple antenna which is capable of picking up nearby electromagnetic interference. The interesting bit, the clever bit, the hacking bit is that then dumps that interference “straight onto the data bus.” By controlling this glitch so as not to disturb normal memory operation, Buchanan is able to introduce the fault on demand.
Lighting Up Laptop Root
Oh yes, did I mention the BBQ lighter yet? Buchanan discovered that clicking the lighter in the general vicinity of the antenna wire he had created was enough to reliably trigger the memory errors he was looking to exploit. When it comes to exploit itself, I strongly advise you read Buchanan’s blog for all the technical detail. It’s way too in-depth for here. I’ll leave you with the fact that it involves tricking CPython into giving up a reference, or pointer, to a fake object which then enables the construction of an arbitrary memory read/write primitive. See, I told you it was technical.
Having got root, which involves a lot more technical stuff, as you might imagine, Buchanan pondered if there was anything more practical than taking control of a laptop he already had control over, no matter how fascinating the process of getting there. His answer was to consider a gaming cheat module that gave gamers control, a gaming RAM stick, which could automate the whole process. But that, perhaps, is a story for another day. For now, just know that it’s 2024, and a hacker can root a laptop with a BBQ lighter. What an age to live in…