But their chips lived on. In traffic light controllers in Jakarta. In point-of-sale terminals in rural Brazil. In a million forgotten devices that ran critical infrastructure on the cheap.
The only way to audit the firmware was through the chip’s diagnostic mode. And the only way into that mode was via the proprietary , version 2.1.8.
“The driver is on there,” Aris said, handing it to her. “But the real vulnerability isn’t the driver. It’s the bootloader. The driver just opens the door. Whoever built this backdoor didn’t need the driver. They wrote their own. They have the chip’s hardware specification.” coolsand usb drivers
Victor hadn’t built a backdoor. He’d just never closed the one he’d built for himself years ago, when he still had access to the driver. And now he was bleeding dry the very banks that had refused to license his post-bankruptcy “security audit” service.
“Coolsand?” He laughed, a dry, dust-choked sound. “I buried that company in a shallow grave. The driver won’t help you.” But their chips lived on
She never told Aris. He was happier making pots.
Maya sighed, rubbing her eyes against the glare of three monitors. On each screen scrolled lines of hexadecimal code – the digital entrails of a dead technology company. Coolsand Technologies had been a minor player in the mobile silicon market a decade ago, known for making cheap, power-efficient SoCs for feature phones and early ruggedized Android devices. They’d gone bankrupt in 2018, their servers wiped, their offices turned into a co-working space. In a million forgotten devices that ran critical
Back in her Athens hotel room, Maya mounted the CD on a legacy Windows XP virtual machine. The driver installer was a tiny 800KB executable. She ran it, and for the first time in seven years, a legitimate handshake completed on her logic analyzer.
Maya’s employer, a boutique firmware security firm called IronKey, had been hired by a consortium of Southeast Asian banks. A pattern of untraceable micro-transactions had been found, each originating from a different IoT device, each device running a Coolsand CS3010 chip. The banks called it the “Ghost Leak.” IronKey called it the most elegant hardware backdoor they’d ever seen.