Self-Destructing Computer Chip

The chip is built on glass:

Shattering the glass is straightforward. When the proper circuit is toggled, a small resistor within the substrate heats up until the glass shatters. According to Corning, it will continue shattering even after the initial break, rendering the entire chip unusable. The demo chip resistor was triggered by a photo diode that switched the circuit when a laser shone upon it. The glass plate quickly shattered into fragments once the laser touches it.

Posted on September 17, 2015 at 7:17 AM • 38 Comments

Comments

ianfSeptember 17, 2015 7:53 AM


So, apart from its premier OBVIOUS application, an integrated circuit version of a SPY BURN-BAG[*], a way to quickly & safely (though hardly instantaneously) destroy important data and/or decryption methods, are there [m]any other, not weapon-oriented, uses for it?

[^*] in “A Perfect Spy" by John Le Carré: Magnus Pym's diplomatic steel-framed briefcase with integral ignition system and two locks: “clockwise, or it fires.”

Mace MonetaSeptember 17, 2015 8:04 AM

Back in my younger days, I order assorted electronics from a surplus catalog. One of the items was a WWII VHF aircraft radio. It had weird large diameter threaded holes in the bottom. Reading through the included documentation, they were for explosive charges, activated if the aircraft was going down. The intent was to prevent technology from falling into enemy hands.

I can see something like this used to "tamper-resist" products - even from those that have purchased them. Warranty void if case opened. :)

BillKSeptember 17, 2015 8:09 AM

Is this similar to what is already used in modern devices that expire soon after the guarantee runs out? ;)

paulSeptember 17, 2015 8:21 AM

Sweet. And nice use of the internal stresses often found in glass.

But I do wonder just the tiniest bit how robust the system is against accidental triggering. Most things that are important enough to protect with that kind of tech are also important enough that you really want them to survive if they're not about to be compromised.

Clive RobinsonSeptember 17, 2015 9:21 AM

Hmm, using the internal stress of glass and also more esoteric solids used in chip manufacture can have unfortunate consequences.

Some here I know have suffered the effects of "glass shower screens" apparently "spontaneously shattering". And some semiconductor substrates will do similar things.

It's led to the idea that these materials "have memory of abuse", that is if you subject them to rough handeling or other stresses they don't immediately shatter they "store the stress, and release it at a future point in time". Nice as this idea sounds it's not quite true, but the exact mechanisms by which this apparent "memory effect" happens is still under investigation.

Thus one has to ask the question of if this chip might suffer from "spontaneous shattering" if used in say HighG environments such as fighter jets, planes launched of carriers, drones, rockets, munitions etc... or more prosaically in your phone etc which might get accidently dropped or involved in motor vehicle accident etc.

There is a reason the military do not put glass "relockers" in safes and locks, they don't want to be subject to a "self denial of service", especialy when response time may be very short...

Sometimes it pays to step back from a "security solution" and ask "How badly could this go wrong..." a question some people wish they had asked before they discovered they could nolonger get at their encrypted backups, because some one did not follow reliable KeyMan recording and auditing...

ianfSeptember 17, 2015 9:25 AM


@ Paul, as this is such a key issue, presumably, unless Corning/ the inventor/ already has tackled the problem of runtime/ fieldwork prevention of accidental triggering, the chip wouldn't have been previewed.

In all probability, they defined some kind of (enumerated statistically "sound") triggering thresholds, and then tested batches of those chips in accordance with set values. Then they iterated ever-strengthened batches until they reached their no-trigger goals in a controlled repetitive process. First then it was safe to unveil these new chips' existence for OEM exploitation. PRESUMABLY.

FredSeptember 17, 2015 9:54 AM

I could see certain software companies using it to distribute very large packages on USB sticks with tight time bounds or limits of installation instances. It might also have applications in distributing beta versions that are disabled shortly prior to production product launch.

Screechy LobsterSeptember 17, 2015 10:54 AM

Great concept, but a legal caveat: if a legal proceeding is in place when you destroy the disc (and chances are it will be by the time you get the knock on the door), your action will be considered spoliation of evidence, which could land you a hefty jail sentence, so this solution might not be ideal to protect individuals from authoritarian nation-states.

ianfSeptember 17, 2015 11:15 AM


@ Screechy … will be considered spoliation of evidence, which […] might not be ideal to protect individuals from authoritarian nation-states.

A lesser worry then, where actions of authoritarian nation-states are concerned. Besides, assuming "the spoilage" is instantaneous, who's to say WHEN & WHO reverted it back to silicon dust?

Peter A.September 17, 2015 11:26 AM

@Karellen: nice! I have thought of the HCF instruction immediately upon reading this but failed to conceive a backronym... Congrats!

@Lobster: it works this way only after you got to know that a legal proceeding is going, at least theoretically. In somewhat more authoritarian states, you get spanked whatever you do or fail to do.

ianfSeptember 17, 2015 11:33 AM


@ Fred … sees certain software companies using it to distribute very large packages on USB sticks with tight time bounds or limits of installation instances.

That could never be cost effective enough. If it gets adopted & deployed in numbers, it will be in critical military applications like drones, cruise missiles, autonomous ordnance delivery vehicles etc., in which their "brains on a chip" will undergo dead-man-grip-triggered destruction even when their main payloads fail to explode.

Bob PaddockSeptember 17, 2015 11:44 AM

Link: "Vishay’s New Electro-Pyrotechnic Initiator Chip Resistor is Industry’s First to Offer Joule Effect Ignition For Fast Firing Times Down to 50 μs, and a No Fire/All Fire Ratio up to 70 %"

They are hard to get samples and DigiKey still doesn't carry them. :-(

"EPIC resistors, also known as bridge resistors, are resistive elements that convert electrical energy into heat energy in a precise electro-thermal profile for the purpose of initiating a series of pyrotechnic events in a controlled energetic reaction."

http://www.vishay.com/docs/53041/epic.pdf 0603 package.

"Except as expressly indicated in writing, Vishay products are not designed for use in medical, life-saving, or life-sustaining applications or for any other application in which the failure of the Vishay product could result in personal injury or death.
Customers using or selling Vishay products not expressly indicated for use in such applications do so at their own risk. Please contact authorized Vishay personnel to obtain written terms and conditions regarding products designed for such applications."

Parts designed to burn up may not be used to cause damage or injury...

BobSeptember 17, 2015 12:05 PM

Wouldn't it be easier to put a little thermite in the package and have the chip go up in smoke? For that matter, electricity will do the same thing, as so many of us can attest to.

ianfSeptember 17, 2015 12:37 PM


@ Bob
the more mechanically/ dynamically complex a critical-destruction component, the higher its (theoretical) failure rate. What this (pre-stressed?) glass substrate chip promises is that it will require only a minuscule input of some specific close-proximity kind to enable self-destruct at once (presumably impervious to trigger false positives).

Tony H.September 17, 2015 1:45 PM

@Paul: "But I do wonder just the tiniest bit how robust the system is against accidental triggering. Most things that are important enough to protect with that kind of tech are also important enough that you really want them to survive if they're not about to be compromised."

I imagine it could be made extremely robust. Look up Prince Rupert's Drops for a very old example of glass that can be hit with a hammer at one spot without damage, but shatters explosively by just nicking a "tender" point. Protect the tender point from everything except the initiator and you're good.

There are cool high frame rate videos online showing the crack propagation and explosive results.

TerrySeptember 17, 2015 4:08 PM

@Clive Spontaneous shattering is caused by an inclusion in the glass called a stone. I have seen thermally tempered glass shatter due to them and have been told that they have a half life so it is not predictable. I have not seen the same thing happen in chemically tempered glass but I have been away from the glass industry for decades.

LawrenceSeptember 17, 2015 4:10 PM

Why it need like a laser to trigger it? It sounds like the laser is what powers the destruction circuit, being most circuit are not design to handles that amount of power needed to handle glass shattering.

Unless you can really miniaturized the laser power circuitry, this is still a long way off from reality.

Tim!September 17, 2015 4:37 PM

@Lawrence: the laser is not powering the destruction circuit, the laser is triggering a photodiode, which switches the destruction circuit on. The destruction circuit draws power from the same source that powers the chip itself. The laser and photodiode are just a switch, like the opposite of a laser tripwire. You could use a mechanical switch and your hand to trigger the destruction circuit instead, or a relay or transistor triggered by some other circuit.

rgaffSeptember 17, 2015 5:08 PM

@ BillK

That's what the "lifetime guarantee" is for... when the product dies, warranty expired.

GodelSeptember 17, 2015 6:42 PM

This would be perfect for printer manufacturers to make DAMN SURE that their ink cartridges can't be refilled.

marcSeptember 18, 2015 1:37 AM

The use cases I can think of:
1. Try to reverse engineer a spying device that is used by rouge nations to spy on their population and it will be destroyed.
2. The 'copy' command to copy digital content from a device will render it useless.

latsotSeptember 18, 2015 2:19 AM

So my phone company can destroy my phone if I don't pay my bill. My insurance company can destroy my car if I don't pay theirs or, you know, if they really just want to; maybe if I drive in places they think are dangerous. The idea of self-destructing chips isn't new but if anyone touts them as a security measure, you should be skeptical.

latsotSeptember 18, 2015 2:43 AM

I get a pacemaker cheap because I've got no insurance and fail to make the payments. We need to own our devices, even the ones not sewn into us.

John Galt IVSeptember 18, 2015 12:14 PM


A nation-state may have the resources to reverse engineer the pieces back to the device state that existed before the self-destruct was triggered. It is a 3D analog of the shredded paper problem that DARPA (OSD?) paid to have resolved about the time of the 2003 invasion of Iraq for fairly obvious reasons. Scanning electron microscopy can provide detailed geometry of every piece of recovered glass, including the elemental analysis of the circuit features on each piece and likely the magnetic state from GMR memory. It is a safe bet that some academic research group have tackled the computational problem of figuring out how to fit the pieces together, likely by genetic algorithm. Obviously, they would only deploy such forensics when the information is high value. A nation-state may have an agency with an acronym FBI that has forensic experts who lie routinely in court cases, who will make up a story that the stress relaxation that occurs after fracture of glasses can be measured with neutron scattering to establish the time at which the fracture occurred. In case you missed it, those forensic experts also lied in cases where they claimed that bullets from a particular melt could be unequivocally tied to the lot number. And countless other times, in countless other cases. BTW, the Bulger story apparently is going to be a movie. But Ephraim Zimbalist Junior is no longer with us.

John Galt IVSeptember 18, 2015 12:18 PM


speaking of high-tech remote repossession

http://dealbook.nytimes.com/2014/09/24/miss-a-payment-good-luck-moving-that-car/

speaking of pacemakers, maybe you can get a good deal on rapid-response ambulance service if you give your insurance company access to the data feed

http://www.sun-sentinel.com/health/ct-allstate-patent-data-0618-biz-20150618-story.html

see also:

http://books.slashdot.org/story/15/09/16/2316208/book-review-abusing-the-internet-of-things

CuriousSeptember 19, 2015 3:04 AM

I wonder how they made this chip. Maybe the manner in which this chip could was manufactured, could also be used to rewire a chip that was already manufactured.

ianfSeptember 19, 2015 9:38 AM


@ John Galt IVScanning electron microscopy can provide detailed geometry of every piece of recovered glass, including the elemental analysis of the circuit features on each piece and likely the magnetic state from GMR memory. It is a safe bet that some academic research group have tackled the computational problem of figuring out how to fit the pieces together, likely by genetic algorithm.

On a scale from

THEORY(1)… … (5) … …REALITY(10)

where would you say this rests?

WaelSeptember 19, 2015 9:50 AM

@inaf

THEORY(1)… … (5) … …REALITY(10)

Give it to Iran, they'll stitch the little buggers together in a heartbeat. They won't need SEM either :)

ianfSeptember 19, 2015 1:20 PM


@ Wael, ever since once in the 90s I discovered that the webmail program offered by my once (multinational Euro) ISP used a default time zone of UTC+03:30 (just as Bruce timestamps everything Pacific Daylight Time); changed it to local zone via JS only in the client; AND broke down completely when I set it to UTC+01:00 via the prescribed, but hard to discover, method, I hold no great confidence for—presumably Teheranian—line programmers ;-))

SharkySeptember 19, 2015 2:30 PM

@Tim! - yes, my first thought was triggering the destruction of top secret IT on THE MOON!

WaelSeptember 19, 2015 2:33 PM

@ianf,

just as Bruce timestamps everything Pacific Daylight Time
I believe @Bruce timestamps posts with UTC-5. I'm guessing Chicago, did not bother to trace it... But I know it's two hours ahead of PTZ[1], [2]. It's how I was able to post at the exact time once upon a time! And I am in Pacific Time Zone ;)


I hold no great confidence for—presumably Teheranian—line programmers ;-))

Oh, no! They'll use a talent far more advanced than their programmers can achieve! They'll deploy proven old school methods :)

[1] UTC isn't a Time Zone!
[2] Difference between GMT and UTC

CuriousSeptember 19, 2015 11:32 PM

I came to think of this other piece of news I saw somewhere a week ago, something about a company making fingerprint reading screens for mobile phones. Supposedly, it was some kind of novelty that this was said to be built into the glass (instead of layering the fingerprint reader beneath it as the article pointed out). No idea why that was particularly interesting, but I guess it might have been some cost saving effect for making mobile phones.

Sabbat RSeptember 21, 2015 3:47 PM

Many years ago, I had heard of electronic military encryption keys (for secure communication from particular combat vehicles) being stored on glass, so that they can be shattered before they can fall into enemy hands. This looks like an advancement of the same root technology.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.