Cybersecurity Vulnerability Issues Research Paper

Length: 10 pages Sources: 10 Subject: Education - Computers Type: Research Paper Paper: #36589313 Related Topics: Cybersecurity, Edward Snowden, Cyber Crime, Counterfeit
Excerpt from Research Paper :

Cybersecurity Vulnerability

What are Vulnerabilities?

Hardware attacks because of Vulnerabilities

Hardware Data modification / injection

The Scientist Argument

Secure Coprocessing

How organizations can best address its potential impacts

Cybersecurity Vulnerability: Hardware Weakness

This essay introduces the role that computer hardware weakness opens the door up for attack in cyber-physical systems. Hardware security -- whether for attack or defense -- is not the same as software, network, and data security on account of the nature of hardware. Regularly, hardware design and manufacturing take place before or throughout software development, and consequently, people must be aware of hardware security vulnerabilities early in product life cycles. Whether it is human resources management, email and coordinated calendar systems, or sales tracking systems, the cloud offers opportunity to businesses for quicker, potential cost savings and stream lined procedures. With that being said, arguments over cybersecurity and vulnerability tend to be extremely touchy. On one side, supporters of stronger cybersecurity bring up the warning that we are at risk of a "digital Pearl Harbor" wherein the United States financial system, power system, and other parts of "critical infrastructure" could be criticized and extremely injured by distant hackers. On the other side, open Internet supporters are extremely skeptical that there is any real probability of attack. With that said, this paper will focus on the hardware vulnerability and how the presence of hardware backdoors in particular represents a nightmare for the security community.

What are Vulnerabilities?

Vulnerabilities are considered to be weaknesses in hardware that allow an attacker to compromise the availability, integrity, or confidentiality of that software or the data it handles. Some of the vilest vulnerabilities permit attackers to abuse a compromised computer, producing it to run random code without the user's information.

The previous 10 years exemplify a very interesting timeframe for studying vulnerability disclosures and ensuing changes that carry on to affect risk management in IT organizations all over the world. Before examining the trends and charts, a momentary review of the past decade with respect to industry vulnerabilities is in order.

Hardware attacks because of Vulnerabilities

One of the key consequences of the world economic disaster was budget cuts for security validation and manufacturing, in both private and public sectors. Regrettably, the cost is considered the factor that most effects the final choice for buyers. This led to the debility in the utilization of authorized resellers.

Orders today are typically made directly to manufacturers located in the Far East because of cheaper production prices. Those areas are considered to be conflicting for the reason that their governments are responsible for the majority of cyber attacks against western companies.

Research shows that the risk of getting hardware machineries with a backdoor is looked at as being concrete. It is true that Asian governments are not all the way accused of silently putting together backdoors. Recently, Edward Snowden was the one that exposed that the NSA commanded that the United States manufacture to plant a backdoor in produces that are exported.

When hardware is weak, malicious hardware alterations from insiders signify a serious threat. System difficulty, the large amount of designers and engineers concerned in every project and the delocalization of production in risky countries because of low cost presents a security threat.

A person that was spiteful enough could change a small section in the entire system for sabotage or espionage. Such attacks can be particularly overwhelming in security-critical industries, for example the military. The introduction of hardware Trojans could occur in each stage of the


Lately researchers have explored the likelihood of adapting hardware behavior by managing the concentration of dopant in electronic components or changing its division.

Hardware Data modification / injection

Some experts have argued that by perceiving the pattern of data write-backs to RAM, an attacker is able to figure out the location of the runtime stack, as commonly used software stack structures are usually simple. From the time when the attacker has physical admission to the device, stack data can be inoculated and, even though the data will be decrypted into a random stream, the effect on program behavior can be witnessed (Chen, 2009). The attacker may still be able to disturb the execution or learn concerning the executable.

Another thing that happens when the hardware is extremely weak is what is called the data substitution which is also currently valid, and observe the program's behavior. Unlike instructions which are limited to the valid opcodes in the instruction set, any data injected by the attacker will be correctly decrypted and passed to the processor. Thus, encryption in this case provides no protection other than privacy of the application's data. To address this issue, EED platforms typically consist of a location label (normally a memory address) as part of the validation data.

The Scientist Argument

Scientists Adam Waksman and Simha Sethumadhavan argued the further ideas of kinds of hardware backdoors because of hardware flaws. One of those backdoors are Ticking time bombs which is when an attacker could program a time bomb backdoor into HDL code that inevitably triggers backdoors after a pre-determined ?xed quantity of time after the power-on of a method. If the hardware is really weak, a device could be forced to crash or function spitefully after a determined number of clock cycles. It's clear that this type of attack could be very dangerous when hardware has some weakness that could be taken advantage of by some threat. When the hardware is not strong, an attacker would be able to create a kill switch function that could be undetectable by any validation means.

Level of Hardware Vulnerability



Means that the source of weakness within the network is highly motivated and sufficiently skillful and the network controls in place are unsuccessful.


Vulnerability inside the company is motivated and capable and controls and organization should put the controls to impede vulnerability.


The network weakness is not encouraged and controls are in place to stop vulnerability of the company's network in addition to data.

Another thing that needs to be considered are cheat codes which have a huge impact of due to hardware flaws. If the hardware has any kind of openings or just a malfunction an attacker could program backdoor triggers which are usually based on certain input data, otherwise recognized as "cheat codes." (Kelly, 2012) A "cheat code" is secret facts that the attacker is able to utilize to recognize themselves to hardware backdoor reason. It'll then start a malicious operation type of mode. Obviously, the code must be distinctive in order to avoid being accidentally provided throughout validation tests. As opposite to time bombs, this type of backdoor needs a second attack vector, the "cheat code." (Broggi, 2014) Because the hardware is not sound enough, the attacker could deliver "cheat codes" which send a sole data value enclosing the entire code (single-shot "cheat codes") or a large cheat code in multiple pieces (consecutive "cheat codes.")

Secure Coprocessing

How are sensitive computations able to be executed in remote devices such that the results gotten are dependable when it comes to hardware vulnerabilities? The argument here is that programs can be changed, data can be improved, records and logs removed, or secrets shown. debuggers and simulators offer mechanisms for observing memory content and execution patterns; memory can be read and frozen; operating systems and compilers could possibly be altered; and even the hardware could possibly harbor a Trojan circuit.

Figure 1 the example illustrates three paths that an attacker can take to penetrate the network using FTP serve

However, experts debate the point that designers of secure coprocessors contend that a system's root of trust has to be a computational ploy that can execute its tasks properly and without revealing secrets in spite of any attack (programmatic or physical) (Carr, 2010). A loose, common purpose computer in a tamper-proof physical enclosure would do, nonetheless that is difficult to obtain. High-end processors take in a lot of power and produce a…

Sources Used in Documents:


Ashford, W. (2014, October 8). Public sector sees cybercrime as rising threat. Retrieved from Computer Weekly:

Broggi, J.J. (2014). BUILDING ON EXECUTIVE ORDER 13,636 TO ENCOURAGE INFORMATION SHARING FOR CYBERSECURITY PURPOSES. Harvard Journal of Law and Public Policy, 9(12), 653-676.

Carr, J. & . (2010). Inside cyber warfare. Sebastopol, Calif: O'Reilly Media, Inc.

Chen, T. & . (2009). Guarding Against Network Intrusions. In J.R. VaccaComputer and Information Security Handbook. Amsterdam: Elsevier.

Cite this Document:

"Cybersecurity Vulnerability Issues" (2014, October 09) Retrieved August 8, 2022, from

"Cybersecurity Vulnerability Issues" 09 October 2014. Web.8 August. 2022. <>

"Cybersecurity Vulnerability Issues", 09 October 2014, Accessed.8 August. 2022,

Related Documents
Access Single Most Important Cybersecurity Vulnerability Facing It...
Words: 2445 Length: 8 Pages Topic: Education - Computers Paper #: 70956434

Cyber Security Vulnerabilities Single Most Important Cybersecurity Vulnerability Facing IT Managers Today Cyber Security Vulnerabilities Facing IT Managers Today At present, computers link people to their finances through online banking and a number of many online applications that offer access to accounts. In addition, they provide a connection to a broad variety of information, including social media, for instance, Face book, YouTube and Twitter. Interconnectivity of the systems have made it possible for

Cyber Security Most Important Cyber
Words: 2328 Length: 8 Pages Topic: Education - Computers Paper #: 93533978

The operating system faced these issues due to the lackluster approach from Apple to patch their software in time. As a result, it led to risking the data of personal users. It shows that irregularities in the patching of computers affected users adversely without any fault of their own (Daily Tech, 2012). In addition to that, the operating system of Apple is now considered as one of the most favored

Cybersecurity in Banking Financial Services Sector
Words: 1576 Length: 5 Pages Topic: Information Technology Paper #: 40149791

Cybersecurity for Mistral Bank Mistral Bank is one of the global financial services company headquartered in the United States where it is the third-largest bank holding firm and fourth-largest in assets held by deposit and market capitalization respectively. Since its inception, the company has experienced tremendous growth and profitability to an extent that it currently serves customers in over 40 countries and has significant relationships with U.S. Fortune 500 and Fortune

Cybersecurity As an Organizational Strategy an Ethical and Legal...
Words: 3101 Length: 10 Pages Topic: Business Paper #: 13203091

Cybersecurity as an Organizational Strategy: An Ethical and Legal Perspective Cybersecurity as Organizational Strategy Across the board -- in business, society, and government -- the promise of cyber capabilities are matched by potential peril. The cyber environment is never static, but it is perhaps most agile in response to the continual stream of emerging cyber threats and realized cyber attacks ("PCAST," 2007). Cybersecurity must be agile. The challenges that must be met

Cyber Security
Words: 1691 Length: 5 Pages Topic: Business - Case Studies Paper #: 93982307

Fundamental Challenges With respect to cybersecurity, there are two fundamental challenges – technological and human. On the technology side, many firms underinvest in cybersecurity, for whatever reason. It can be difficult to keep up with evolving threats, such as new ransomware, and companies that lack modern cybersecurity technology are especially vulnerable. In particular, companies are often keen to adopt new technologies – today cloud computing and the use of personal mobile

Cyber Security and It Protocols
Words: 861 Length: 3 Pages Topic: Sports - Drugs Paper #: 84433081

Disaster Recovery and IT Continuity Over the last several years, the issue of disaster recovery has been increasingly brought to the forefront. This is because both manmade (i.e. terrorism / cyber attacks) and natural disasters can create tremendous amounts of disruption to IT infrastructure. The result is that the entire area can be completely cutoff and unable to communicate with the outside world. (Sousa, 2014) In many cases, everyone is relying on