3 min read  | Cybercrime

What are the possibilities of hardware Trojans in 2021?

The Trojan War ended with the topless towers of the city in flames and the consequent fall of Troy—all thanks to the Trojan horse.

The Trojan horse lives on in infamy as more than just a niche reference. In the minds of all professionals involved in the cybersecurity sector and the owners and users of technology (which is incidentally the majority of the modern population), who are looking to protect themselves from cybersecurity threats, it takes on the form of a threat to cyber safety.

While software or hardware Trojans may not result in a city in flames it could lead to a temporary fall in your business. Unsurprisingly this is something all companies should strive to avoid.  

Protecting your systems from cyber threats has always been a priority for anyone with data to protect. Given our dependence on technology, infallible cybersecurity has become a necessity for all businesses. 

In the conversation surrounding cybersecurity, however, we tend to focus primarily on threats to our software and data. Hardware threats take a backseat in the current climate. 

This underestimates the pace at which these threats evolve. There is a natural trust we place in tangible hardware systems. Seeing these systems in our physical reality makes it easier for us to depend on them and believe that unless they are intentionally or accidentally destroyed, they will not threaten our system. 

We know by now that this trust is severely misplaced and can lead to you leaving your systems vulnerable to hardware Trojans, as well as other threats.  

It’s easy to forget that hardware has to keep up with the breakneck speed of innovation that software follows. So it does. 

The short answer is yes, there is a very high risk of hardware Trojans in all its forms (combinational, sequential, and analogue) threatening businesses in 2021. Here’s why.

Increased outsourcing

The global market opens up a host of possibilities for businesses in every sector. The technology sector is no different. It is not uncommon for research, development, and design to take place across the world from manufacturing and production of hardware components. 

This allows for cheaper manufacturing, keeping the costs of hardware low, but also threatens the security of the hardware that is delivered at the end of the production line.

At the end of the day, it takes a village to create the tiny hardware components we take for granted. From intellectual property core suppliers, Electronic Design Automation (EDA) suppliers, and Computer-Aided Design (CAD) software to a host of other manufacturers and factories. 

At any point in this long supply chain, these components can be tampered with and Trojans can be hidden. 

Why you need to keep your guard up

Not only are hardware threats a murky and often ignored threat to digital systems, but there is also very little known about how these threats can be combatted or even recognised.

This means you may not even know that a hardware Trojan is embedded in your systems until it’s too late to mitigate the threat. They are designed to be seldom activated and can be undetectable to orthodox testing practices and traditional security measures. In theory, however, they can be identified by post-manufacturing tests and coverage-oriented measures while the design process is underway.

Recent discoveries have also identified that Electro-Optical Frequency Mapping (EOFM) can help detect the presence of Trojans before they have a chance to damage your systems. No method thus far, however, is completely reliable in identifying Trojans before they become active. 

Keeping your guard up despite these challenges is critical because once an attacker gains access to your hardware, your systems become incredibly vulnerable.

Take hardware Trojans into account in your security strategies 

Trojans are designed to cause malicious modifications to your physical circuits and alter the behaviour of your system. This adversely affects your hardware’s reliability, can lead to failures in your system, allows remote access to your hardware, and threatens your sensitive data. 

Much like software cyber attacks, this can harm your company’s reputation and the loyalty of your clients. As you strive to create the most secure cyber ecosystem you can, make sure you keep a close eye on your hardware as well as your software security.