Smoke 'em if you got 'em: Hacker gains root access using cigarette lighter

The laptop and lighter used to demonstrate the exploit.
The laptop and lighter used to demonstrate the exploit. (Image credit: David Buchanan on YouTube)

On October 7, blogger and hardware modder David Buchanan released a blog post detailing various efforts for low-cost Fault Injection solutions before showing off his ideal solution: a hard mod DRAM exploit with a resistor and a wire doubling as an antenna soldered to a specific DRAM pin (DQ26 and then DQ7).

The antenna is sensitive enough for an unmodified lighter ignition to activate a forced memory error at the specific memory addresses corresponding to the DRAM pin, which doesn't overly disrupt actual memory function since all original data is left intact. Still, there's an attack vector that defending devices and OSes can't do anything about.

As Buchanan explains, bugs are typically needed before an exploit can be written, but "when there are no bugs, we have to get creative" with Fault Injection. In this case, low-cost electromagnetic Fault Injection (EMFI) was achieved with a wire, resistor, and lighter without using more expensive (often Raspberry Pi-based) tools like PicoEMP.

DDR3 EMFI Linux LPE - YouTube DDR3 EMFI Linux LPE - YouTube
Watch On

That said, the resulting exploit isn't practical for anyone's use beyond serving as a simple lesson for hardware and memory hacking. You would need near unrestricted access to the device you're gaining access to with this method and lots of time to configure it properly. The likelihood of a cybercriminal using this methodology to break into your PC is astronomically slim.

However, methods like this could also help unlock otherwise locked hardware you already own— as Buchanan admits, this practice was also motivated by the anticipated arrival of the Nintendo Switch 2. Testing some fault injection exploitation with cheaper hardware seems like an ideal practice run for whatever Buchanan has planned next. Considering his past work, he may make another oddity like a USB-C iPod Nano mod.

Before wrapping up his original blog post, he also mentions how functionality like this could be built into things like gaming RAM to allow programs to run that are otherwise blocked by anti-cheat software, TPM measures, or both—though, to be quite honest, that does sound particularly fanciful, especially as a standard hardware feature.

Christopher Harper
Contributing Writer

Christopher Harper has been a successful freelance tech writer specializing in PC hardware and gaming since 2015, and ghostwrote for various B2B clients in High School before that. Outside of work, Christopher is best known to friends and rivals as an active competitive player in various eSports (particularly fighting games and arena shooters) and a purveyor of music ranging from Jimi Hendrix to Killer Mike to the Sonic Adventure 2 soundtrack.