Revolutionizing Laser Hacking with RayV Lite
Beaumont describes RayV Lite as part of a larger trend she calls “tool localization”: Devices like the ChipWhisperer and HackRF make electromagnetic or radio-based hacking cheaper and more accessible. She hopes RayV Lite can do the same for lasers. “It’s huge,” said Adam Laurie, a longtime hardware hacker and now director of product security at electric vehicle charging company Alpitronic, looking back on Beaumont and Trowell’s laser-hacking work. “It moves the tools from the super-expensive academic or national actor platforms to the garage, where the really creative stuff happens.”
Laser Fault Injection: Unlocking Vulnerabilities
When building the RayV Lite, Beaumont and Trowell focused on two different approaches to laser hacking. One is Laser Fault Injection (LFI), which uses brief bursts of light to disrupt the charge in processor transistors, flipping “bits” from 1 to 0 and vice versa. In some cases, carefully triggering these bit flips can have a larger impact. For example, for an automotive chip Beaumont tested, glitching the chip with a laser at one point could prevent the security check that puts the chip’s firmware into a protected state, leaving it unprotected and allowing her to scan its originally obscured code for information.
Laser Logic State Imaging: Delving Deeper into Chip Architecture
Beaumont and Trowell said many cryptocurrency wallets are also vulnerable to a form of LFI attack, such as glitching the chip at the moment a PIN is required to unlock the encryption key to access the owner’s funds. “You take the chip off the crypto wallet, hit it with a laser at the right time, and it assumes you have the PIN,” Trowell said. “It just skips the command and returns the key.”
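The skipped PIN check described above can be modeled in software to show why firmware for such chips uses redundant, fail-closed checks. This is an added example, not code from RayV Lite or from any wallet; the fault model (one comparison forced to report "match"), the sample PIN and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample PIN, not taken from any real device. */
static const uint8_t STORED_PIN[4] = {1, 2, 3, 4};

#define NO_FAULT (-1)
#define OK_A 0x3CA5u /* multi-bit success tokens: a single flipped bit */
#define OK_B 0xC35Au /* cannot turn 0 (denied) into a valid token      */

/* Assumed fault model: the comparison with index `fault` is glitched and
   reports "match" regardless of the PIN (a skipped compare-and-branch). */
static int pin_matches(const uint8_t pin[4], int idx, int fault) {
    uint8_t diff = 0;
    if (idx == fault) return 1;                 /* glitched check */
    for (int i = 0; i < 4; i++) diff |= pin[i] ^ STORED_PIN[i];
    return diff == 0;
}

/* Single decision point: one glitch is enough to release the key. */
int unlock_naive(const uint8_t pin[4], int fault) {
    return pin_matches(pin, 0, fault);
}

/* Fail-closed default plus two independent checks that must both succeed. */
int unlock_hardened(const uint8_t pin[4], int fault) {
    volatile uint16_t a = 0, b = 0;             /* denied until proven */
    if (pin_matches(pin, 0, fault)) a = OK_A;
    if (pin_matches(pin, 1, fault)) b = OK_B;
    return a == OK_A && b == OK_B;
}

/* Count single-fault positions that unlock with a wrong PIN. */
int bypasses(int (*unlock)(const uint8_t *, int), int checks) {
    const uint8_t wrong[4] = {9, 9, 9, 9};
    int n = 0;
    for (int f = 0; f < checks; f++) n += unlock(wrong, f);
    return n;
}

int main(void) {
    printf("naive bypasses: %d\n", bypasses(unlock_naive, 1));
    printf("hardened bypasses: %d\n", bypasses(unlock_hardened, 2));
    return 0;
}
```

The model covers one glitch per unlock attempt, so the hardened variant shows how redundancy raises the bar for a single fault; it does not model every fault a laser can cause.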
Innovative Design and DIY Cost-Cutting Techniques
In the first iteration of RayV Lite, Beaumont and Trowell are building two different versions of the tool’s design, one for each of the two laser hacking techniques. They are currently only releasing a laser fault injection model and hope to launch a laser logic state imaging version within a few months. Both will use the same basic components and the same DIY cost-cutting techniques. For example, the body of the tool is ba