This Post Will Self Destruct In 10 Seconds

Xerox PARC Exploding Chip

Ah yes, the classic Mission Impossible ultimate message security — after verification and playing the message, poof — it’s gone. You could design explosives into your electronics to have the same effect… or you can use Xerox PARC’s new chip, which features a self-destruct mode.

Wait, what? Yup — some engineer at Xerox decided to develop a chip that can literally self-destruct. It was developed for DARPA’s vanishing programmable resources project, and well, it sounds pretty promising for the future of high-security applications.

The method of self-destruction is actually pretty simple. They’ve printed the chip on a piece of Gorilla Glass that has been ion-exchanged to temper it, which increases the stresses inside the glass. Then, when you want to get rid of the evidence, a small resistor built into the chip starts to heat up. This causes the glass (and circuit) to shatter into a thousand pieces — and since the whole piece of glass was stressed, it continues to break into smaller and smaller pieces, for up to 10 seconds afterwards!

There’s a clip embedded below that shows the glass PCB exploding. Don’t miss it! And for more self-destructing projects, don’t forget to check out This Tape Will Self-Destruct!

[via /.]

62 thoughts on “This Post Will Self Destruct In 10 Seconds

  1. Gone are the days of a message written on a photo sensitive medium coated in a mixture, which upon opening, gives rise to a clock reaction, of which the resulting compound spontaneously combusts in contact with air and residual heat from the reaction. The heat also blackening the message a few seconds after opening.

    The new one reminds me of those little drops of tempered glass (the name of which escapes me at the moment)
    The round end is really hard, touch the think end and bang, gone.

        1. Was that circuit on it even functional? I was under the impression that the only thing going on here was the glass, that it was tempered in such a way that heat on one spot would make it shatter completely, similar to a Prince Rupert’s drop.

    1. The BBC do it too and it is so frustrating. I tend to go down and CTRL click opening tabs on ones I want to read. By the time I have read the front page my room sounds like a football match.

    2. FFS, every time you reload the page, say, if you were posting a comment, it restarts! This really needs turning off NOW! Call me a smarty-pants, but I can actually start a video playing the old-fashioned button-pressing way.

    3. +1 Not all of us have unlimited bandwidth/gigabytes per month internet. I pay dearly for internet access where I live and don’t appreciate having my meager 2gig a month allotment eaten up by videos I may not want to watch!

  2. A friend worked on a chip a while back, it was a high speed cross bar, they taped it out, got back samples, threw it on the tester, the first few tests it worked flawlessly, then failed, restarting the tests everything failed – they tried a new chip, the same thing happened … lifted the lid, looked under a microscope there was a tangle of fluff on top of the chip. It turned out the test that failed sent 1s and 0s down alternate wires then switched them, electrostatoc forces ripped the wires off of the die ….

    1. That hasn’t actually been designed yet, this is only conceptual at this point.

      What they’ve actually achieved is the glass substrate for the chip that shatters completely, when a small part of it is heated.

      In the demonstration video a target on the glass is heated with a laser until the glass is destroyed. It’s as much “self-destructed” as a jug of water is when it’s shot with a rifle.

      1. and they have not even achieved that. It’s a thin tempered glass sheet, anyone can make this in their basement if they find a way to etch their circuit on it without shattering it. a simple solenoid with a spike can trigger the shattering.

    1. In a slightly less damaging way, this has been going on for decades in consumer equipment. I remember back in the 70’s cable TV boxes were made with glass circuit boards that had a spring loaded piston positioned in such a way that if you didn’t use specialized tools to open the box it would be released and break the circuit board. Customers were warned not to try to open the box.

        1. Not TVs, cable boxes. Used to need a set-top box to receive cable, back in the day. In the UK it’s still the way, no “cable-ready” TVs. The business model is that the cable company own the box, so they can make it self-destructing if they want to.

          I would worry about flying glass shards blinding some precocious 10-year-old with a screwdriver, hope they thought of that when they designed it. Or at least put a specific warning on the box. You wouldn’t expect consumer electronics to be booby-trapped.

          If these are more than just an old engineers’ tale, it’s the sort of method somebody would patent, you’d think. Also wonder what sort of encryption you could do with 70s analogue technology. Back then could you order a channel and have it switched on at the office, or did a guy have to come round?

          1. The glass broke, taking the traces with it, long before the cover was removed enough for the glass to get out. I’m guessing most people would hear the destruction and the pieces rattling around and stop right then.

            Back in those days you got a package of regular TV channels and then you could get as many premium channels as you wanted (and they offered) and each one was blocked by a filter on the incoming cable. If you wanted to add/remove a channel, the tech had to come out and remove/add the appropriate filter.

          2. Scroll was lagging on touch screen and it took input on the ‘report comment link.’ There doesn’t seem to be a link to cancel report and not sure who to contact or how…I will keep looking and try to let admins know but sorry for any inconvenience.

          3. Accidentally reporting comments happens all the time, you’re not the first to apologise. The chaps in the back room know that, they won’t remove a comment just because someone reports it. There’s actual human beings there. Reporting just gets them to check the post in question.

  3. This totally looks like it’s out of the movies!

    Put mains voltage on any NAND chip instead and watch it decap itself. Not sure how much data would be recoverable, though. Not that it would be impossible to piece together a jigsaw puzzle out of glass… :)

  4. Well that’s a step up from the one way gear in the VHS tapes distributed to car dealers in the 90’s for sales training / quizes. Sales guys said the tape could only be played once and never again. I took it apart and removed the spring loaded one way ratchet, rewound the tape and watched. BORING! Definitely a case where the trip was better than the destination.

    1. What’s the point of that, exactly? I can think of cases where you’d want a video to only be playable once, but corporate sales training certainly isn’t one of them. If the sales guys really want to watch the training material over and over again, I’m sure the suits would be ecstatic.

      1. To be honest I’m not really sure what the point was – I was just a teen / lot rat (washed the used cars for the sales guys).

        I was intrigued by the so called “replay proof” mechanism. I could care less about (car) sales tactics.

      2. I’d be willing to bet that tape was about future marketing plans – the kind of thing you wouldn’t want your competitors getting a hold of. The suits probably thought A) the cassette couldn’t be easily repaired, and B) anyone who found a tape that couldn’t be rewound would simply discard it. Queue the curious teenager….

    2. I used to work at a video rental place. We received a promotional movie screener on VHS, which claimed it could only be used for one and a half plays (the half to allow rewinding and replaying a few scenes). So naturally, the first thing I did is take it apart. This one didn’t prevent rewind, instead it really did self-destruct. Through a ratchet and a series of gears, only the forward play time was measured. When the allowed time had elapsed, a spring-loaded mechanism pressed a magnet against the tape, ahead of the VCR’s playback head, so it would be erased as you attempted to play it again. The mechanism was far more entertaining than the actual movie.

      1. I got one once with a much simpler setup. It just had a slot cut in the housing where the tape went into the takeup reel. It was part of a survey thing. Watch different segments of the tape then wait for phone calls to answer various questions. Don’t rewind the tape because it’ll destroy it.

        I should have opened it before starting, then its content would be in real good shape. After the survey was done they said to throw the tape away. Instead I opened it, found and removed the magnet. I still have the tape somewhere.

        Some of it was TV commercials, one part was audio with storyboard art for a commercial. The most interesting part was a pilot episode for a show called “Morning Glory” starring (I am pretty certain) Richard Masur and Sandra Dickinson. Pity the show wasn’t picked up. It was in the early 1990’s. It was a comedy set on the set of a morning news program called Morning Glory.

  5. Not the same tech at all, but see the line of IBM cryptographic co-processors. Fine wires laid out inside the package – you cut it, it wipes itself. Scintillation detector – you X-Ray it, it wipes itself. Thermistor – you freeze it in liquid nitrogen, it wipes itself. You give it a dirty look, see “wipes itself”, above. IBM potty training joke goes here. The hardware would survive, but the EEPROM with the keys was the real secret (built-in battery to maintain power long enough to run the erasure cycle). Anyway, early ones had a publicly-documented vulnerability that was discovered. . It wasn’t a problem that the hardware would “survive”, because the EEPROM with the keys was the real secret.

    1. Something similar was used on the Dallas DS5000 secure micros. Their program storage was in battery-backed SRAM, powered by a coin cell in a potted brick (like the old RTC modules). Some sort of (obviously intentionally) undocumented tamper features would short the SRAM rail to ground, wiping the contents. My understanding is that there was some sort of suspended pair of meshes over the die.

      1. Ah, found it: (warning: PDF)

        Section 9.10 mentions a “microprobe coating” on the die to accomplish this. Additionally an external Self Destruct Input pin can trigger the wipe. Interestingly enough, the self-destruct also clears the state of the crypto engine, wipes vector table state, quiesces external bus signals, and pulls a VCC passthrough for powering external memories to ground.

        Impressive considering this part is a couple of decades old.

    2. Similar (but cheaper) tech exists in just about every shop you go to. The PIN pads where you pay have cryptographic keys in them, and they’re required by PCI to be “tamper resistant”. The ones I’ve disassembled have spring loaded switches on the case, and a maze of wires printed on a Kapton sheet that is wrapped around the sensitive circuitry. They’ll be built upon 10-or-more layer circuit boards, where some of the layers are traps: short two layers together, or cut a trace on one of the maze layers, and pop – the chip containing the keys wipes itself. If you do manage to penetrate the case without triggering the sensors, you’ll find the chip is Ball Grid Array form factor, and can’t be desoldered without popping the tamper detector. And finally, the key generating algorithm is DUKPT, which continually generates new keys and deletes the old ones; it’s cycled prior to key injection by the key injector, and cycled again by the device following the initial key injection, so the most you could hope to learn are only the keys generated inside that particular terminal. With DUKPT, no payment terminal ever contains the master key for the whole cryptosystem.

      At least that’s what the tech looked like about 7 years ago. Since then, PCI has tightened the requirements, and it’s possible the manufacturers have added even more detection mechanisms, such as light and temperature sensors.

      The PCI requirements are deceptively simple: the security of the device is rated in dollars. The old devices had to withstand an attack performed by an attacker with a budget of $30,000. The new devices have to withstand an attacker with $250,000 (or something like that).

  6. What is DARPA’s current method, encrypt everything, store the keys in battery backed up RAM (at the location of use) and because of burn-in over weeks/months/years of having the exact same keys in the same location in RAM, use a high explosive to shatter the RAM chip in to sub millimetre fragments (within a metallic safe to contain the explosion) ?

    I’m thinking of the GCHQ’s (or Five eyes in general) approach to destroying the Edward Snowden files –

  7. Nobody any of you have ever likely heard of knows what is in x86 microcode because not ever the most hardcore RE people touch it.. Who says there isn’t an internal-overwrite function?

    1. What, on x86 microcode? I think it’s read-only. And what’d be the point? Unless you’ve got the rest of the hardware to run that code, what are you gonna do with it?

      Even a full set of masks would only be valuable to, say, a Chinese chip factory for a certain amount of time, before the design goes obsolete. And Intel have possibly the best fabs in the world to be able to make their CPUs. They’re constantly inventing new processes to squeeze extra MHz out of the silicon. Without their budgets, you wouldn’t be able to make their chips even if you did have the plans.

      1. I probably concur about the best fabs, but then again once we reach the end of moore’s law, bottom is bottom, and who cares who reached the finish line first? At some point open source fabs will reach the finish line…

      2. What do foundry and manufacturing processes have to do with anything? Microcode flash can be patched. Intel has release plenty of software patchers over the years they work from ring -1 or whatever mode BIOS uses maybe even ring 0..

        You reverse it’s protocol you can nuke x86 processors.

        There is ZERO security research around this..

  8. Did anybody else start reading fast in case the post actually self-destructed in 10 seconds? I was wondering if there was javascript on page that would hide the post after a few seconds of viewing it.

  9. I’m not an EE (Product Designer here) , but these security and anti tampering solutions you mention in the comments are fantastic. Where can I learn more about this hardware security stuff?

    Thank you so much!

  10. hall-reed switch smd calibrated.

    and sorry if you have already read:

    I’m also thinking some of those old style zener diodes through hole types could look like a diode but instead have a corrosive or other material inside to trigger.

    Inversely I had a colleague of mine (and I use the word loosely as he was one of those folks that would go outside and smoke a cig and drink coffee.)
    “They want me to write a firmware that can’t be over-written”
    without batting a eye I mentioned something from an old crappy sci-fi book I read. “That’s easy once you have it setup, send a signal to different portion of the circuit and burn out a few of the programming traces”

  11. If I RE x86 or ARM or PPC microcode flash update cycling I can kill ALL existing chips and you can’t buy the hardware to repair that for less than 100k..

    8008, z80, all the way to skylake and kaveri etc..

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.