“It’s about the fun of breaking things,” Bear says, “finding ways to use hardware that was either blocked or that it was not designed for and trying to come up with new usages. If there were no hackers, everything would be stale and just good enough. Hackers challenge the current technology and force designers to make things better.”
Working in cramped labs stuffed with specialized equipment, iSTARE vets schematics and other early design materials. But ultimately the group is at its most effective when it reverse engineers, or works backward from, the finished product. The goal is to probe the chip for weaknesses under the same conditions an attacker would—albeit with prototypes or even virtualized renderings—using tools like electron microscopes to peer inside the processor’s inner workings. And while iSTARE has access to top-of-the-line analysis equipment that most digital scammers and criminal hackers wouldn’t, Bear emphasizes that the cost of many advanced analysis tools has come down and that motivated attackers, particularly state-backed actors, can get their hands on whatever they need.
iSTARE operates as a consulting group within Intel. The company encourages its design, architecture, and development teams to request audits and reviews from iSTARE early in the creation process so there’s actually time to make changes based on any findings. Isaura Gaeta, vice president of security research for Intel’s product assurance and security engineering department, notes that in fact iSTARE often has more requests than it can handle. So part of Gaeta and Brown’s work is to communicate generalizable findings and best practices as they emerge to the different divisions and development groups within Intel.
Beyond Rowhammer, chipmakers across the industry have faced other recent setbacks in the security of core conceptual designs. Beginning in 2016, for example, Intel and other manufacturers began grappling with unforeseen security weaknesses of “speculative execution.” It’s a speed and efficiency strategy in which processors would essentially make educated guesses about what users might ask them to do next and then work ahead so the task would already be in progress or complete if needed. Research exploded into attacks that could grab troves of data from this process, even in the most secure chips, and companies like Intel struggled to release adequate fixes on the fly. Ultimately, chips needed to be fundamentally rearchitected to address the risk.
Around the same time that researchers would have disclosed their initial speculative execution attack findings to Intel, the company formed iSTARE as a reorganization of other existing hardware security assessment groups within the company. In general, chipmakers across the industry have had to substantially overhaul their auditing processes, vulnerability disclosure programs, and funding of both internal and external security research in response to the Spectre and Meltdown speculative execution revelations.
“A few years back, maybe a decade back, the vendors were much more reluctant to see that hardware, just like software, will contain bugs and try to make sure that these bugs are not in the product that the customers then use,” says Daniel Gruss, a researcher at Graz University of Technology in Austria.