Exploits and Backdoors Via Malicious Hardware
January 16th, 2011The authors at Ksplice are pretty good at digging into the low-level guts of modern computer systems—it’s not too unusual to see them posting assembler code to illustrate a point. In the linked article, they demonstrate how to use a PCI expansion card to hijack a computer in a manner that’s quite hard to detect, and which defies standard methods to recover a compromised system. The malicious hardware gets control of the system at boot time and intercepts the BIOS call that loads the operating system. This gives it the ability to then modify the OS to include an exploit.
For the normal computer user, this is a non-issue. But for those who deal with ultra-classified national security issues, you can never be too careful (maybe that peripheral manufactured in China is not as trustworthy as you think…). The example given in the Ksplice article is more of a proof of concept, because it only works on a single, specific release of the Linux kernel, but it wouldn’t be too difficult to come up with something more versatile.
The linked article is quite technical in nature, so you’ve been warned.
Link: http://blog.ksplice.com/…
(via Slashdot)
[link]Josh Says:
January 19th, 2011 at 5:17 pm
Hardware and firmware viruses are difficult to detect and their impact can be quite great.
This one impacted international affairs and security:
http://shetoldme.com/Politics/Iran-Nuclear-virus-U-S-and-Israel-have-collaborated
This one is old and may no longer be extant but I’m now paranoid about picture frames and USB drives.
http://articles.sfgate.com/2008-02-15/business/17139861_1_trojan-horse-computer-associates-security-vendor