BSI: New study on hardware Trojans 

B2B Cyber ​​Security ShortNews

Share post

The BSI has published a study on the possibilities for manipulating hardware in distributed manufacturing processes. It concerns hidden chips on hardware boards, so-called hardware Trojans.

The Federal Office for Information Security (BSI) commissioned the study “Examination of manipulation possibilities of hardware in distributed manufacturing processes (PANDA)”. This study examines the influence of attackers within the production chain of complex IT systems.

Trojan as a chip on circuit boards

🔎 X-ray image of a component on a circuit board under which an additional chip has been hidden (enlarged on the right). This chip is very difficult to detect even with modern X-ray technology (Image: BSI).

The publication describes the individual steps from the initial idea to the finished product. Based on this, possible weak points in the chain are identified and selected attack scenarios are outlined. An evaluation of prevention and detection options is carried out not only on the basis of literature research, but also on the basis of specially conducted experiments. The study results show that such manipulations are possible in every phase of production, sometimes with relatively little effort. Detection, on the other hand, can be very demanding.

Nowadays, the development and production of complex IT systems is often no longer carried out by a single manufacturer who implements and controls all design and production steps themselves. This division of labor has clear advantages, such as a shorter time to market for products, lower costs and the bundling of skills and tools in specific areas of responsibility. However, this division also carries the risk of unwanted changes to the original design, which in the case of security-relevant products can lead to the loss of confidential data, for example.

Have chips already been hidden on boards?

The aim of the study is to provide the IT community and IT manufacturers and service providers with an assessment of the threat posed by so-called “hardware Trojans”, which, for example, according to press reports from Bloomberg (already in 2018), were allegedly implanted in server motherboardsSuch manipulations can be implemented in almost all development and production steps. The study also analyzes the risk potential for this based on practical experience in chip manufacturing.

The study shows that the risks of manipulation in hardware production are real and significant. Attackers could compromise the integrity and security of IT systems by deliberately interfering with the manufacturing process. It is emphasized that a holistic security approach is necessary that takes all steps in hardware production into account.

More security: Recommended are, among others,

  • Stronger controls and security measures throughout the supply chain.
  • Use of advanced hardware Trojan detection techniques.
  • Implementation of prevention strategies such as split manufacturing.
  • Raising awareness and training of all stakeholders regarding security risks.

These measures can significantly reduce the risk of hardware manipulation, which makes a decisive contribution to the security of modern IT systems. The PANDA study thus provides a comprehensive overview of the threats and possible countermeasures in distributed hardware production and offers valuable recommendations for manufacturers and security officers.

Go directly to the study PDF at


About the Federal Office for Information Security (BSI)

The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.


Matching articles on the topic

Bitterfeld: Ransomware attack cost 2,5 million euros

The cyber attack with ransomware on the district of Bitterfeld three years ago shows the uncomfortable truth: it took years to ➡ Read more

New ransomware variant Fog discovered

Not much is known about the threat actors of the new ransomware variant called Fog. So far, only US organizations have been affected ➡ Read more

Europol: Almost 600 criminal Cobalt Strike servers shut down

Old and unlicensed versions of Cobalt Strike, the legitimate testing tool used by pentesters and red teams, are in the hands of ➡ Read more

Kinsing malware – millions of attacks daily

Since 2019, Kinsing malware, which particularly attacks cloud-native infrastructures, has been on the rise. A new study presents attack techniques and tactics of the ➡ Read more

Complex IT security: 450 end devices – 3 IT employees

Many companies use several security solutions at the same time. This leads to a high level of complexity. In an international survey, Malwarebytes asked 50 companies ➡ Read more

Microsoft sends customers warning email that looks like spam

After the attack by Midnight Blizzard in January, Microsoft warned its customers in June by sending an explanatory email. Unfortunately, ➡ Read more

Telegram: 361 million user data leaked

Cybercriminals have published millions of email addresses as well as usernames and passwords of online accounts in channels of the messenger service Telegram, according to the operator ➡ Read more

EU ATM malware attacks ATMs

ATMs are a popular target for cybercriminals. The new EU ATM malware is targeting European ATMs. Criminals can ➡ Read more