Sat 17 May 2008

Edited by Paul Hales

Published by Incisive Media Investments Ltd.

Hacking microprocessors is the next step

Software hacking is for cissies, real men hack chips

HACKING SOFTWARE TO gain access to someone else’s computer could soon become “old school”, according to boffins at the University of Illinois, who say that the next level for hackers is hacking the microprocessor itself.

New research has shown that it is in fact possible to alter chips in such a way as to leave computers helpless against back-door attacks, which would be almost impossible to detect.

To prove their point, researchers set up a demo of such an attack yesterday, in San Francisco, at a security conference called the Usenix Workshop on Large-Scale Exploits and Emergent Threats. The alarming demo showed how a processor running a Linux operating system was left totally vulnerable after a malicious firmware laden chip was given instructions to allow an attacker to log on to the computer without any trouble at all.

Head boffin, Samuel King, who is also an assistant professor in the University of Illinois’s computer science department, reckoned that "This is like the ultimate back door."

He explained that hacking the chip was actually the easy part, requiring changes to only very few of the processor’s circuits. For the demo, King said that his team had tampered with only 1,341 of the chip’s one million logic gates, and that in order to hack the system, all that needed to be done was to send the processor a specially crafted network packet, telling it to let loose its evil load of malicious firmware. "From the software's perspective, the packet gets dropped ... and yet I have full and complete access to this underlying system that I just compromised," said King.

The hard part for any potential pioneering microprocessor hacker would be the actual logistics of how to get an infected CPU into someone’s computer in the first place. Unlike hacking software, hacking hardware actually requires physical action. King admits that it’s not the most plausible attack strategy, but then went on to give his tips (or views, if you’re not a hacker) about how it could be done. King reckons that a "mole" developer (no, not a vole developer, a mole) could stick the code into the chip whilst working on its design, or an underpaid computer assembly lines-man could bung in the infected chips for a few pieces of silver.

Needless to say, this will just hype up the paranoia at the U.S. Department of Defense (DoD), who already issued a warning back in 2005 about how offshore integrated circuit manufacturing could give rise to dangerous security breaches. After all, if you let pesky foreigners handle your chips, who knows what they might do to them. µ

L’Inq
InfoWorld

Comments

Clarification

'malicious firmware laden chip' means what?

CPU, or BIOS ROM, or ?

The reason I ask is this: on Linux it is possible to update the CPU microcode on at least Intel chips; on most any PC the BIOS can be updated a number of ways.

Why would physical access be needed? Please clarify!
posted by : hoohoo, 16 April 2008

"Junk"

How to get into the chips? Well everyone's favorite country manufactures most of the chips in PCs: China. Your Guess.
posted by : Norm, 16 April 2008

You must be kidding

"...an underpaid computer assembly lines-man could bung in the infected chips for a few pieces of silver."

As a computer assembly lines-man....

Yeah, right, you must be kidding. The number of people who would spot that, the amount of quality control, the amount of observation of the line, and the amount of security at our facilities makes that such a joke of a possibility.
posted by : Chipmaker, 18 January 2008

That is so stupid

Why would you waste your time on all that baloney, when for just $1 you can go buy a Snickers bar & give it to a woman in exchange for her password?
You should give your head a shake -- vigorously.
posted by : Grunchy, 16 April 2008

La RRab ee, Gods Fart & Clearing Room Out.

After Mentioning Larrabee, this article right in center field, Here's Why.

Larrabee Team in same Press announcement of its 2010 GpCpu release also States That: Larrabee GpCpu is So Crummy that Software Writers Are Going To Have To Make it Work, if ever. Get It? Software Writers Could Write Anything & Larrabee will be forced to Play it. Cool Thing is Larrabee Team is More Ignorant Than Public, So almost any FIX Will be more Like Complete System Breakin.
Why would Anyone write Fix For BAD GpCPU? Unless You Happened To Be Of Same EVIL as Larrabee. Well Actually, SOFTWARE, That's Directed Evil, While Larrabee is Worthless, Therefore: Evil.

Even if Larrabee is Shining New Processor, Just Software Code Updates Are Such Potential For HARM, That Only Larrabee Team?Member Could Advocate it, Being Stupid as HECK. "Team" also is NO Doubt Poor Term, AS UNINFORMED are Mass, NOT Team. AS There is NO Cohesion OF QUALITY.

Yet, In All, RANT, Gibber,FfaarrttT. It is Obvious Larrabee meets all of Sylvia's basic criteria for CPU that Will EAT Your System, READILY. Bear in LAMBS Clothing. Thanks Sylvia, For Warning.
Thomas Drashek
posted by : Rahb_on_Rhab, 16 April 2008

NanoSpies

"King reckons that a "mole" developer (no, not a vole developer, a mole) could stick the code into the chip whilst working on its design, or an underpaid computer assembly lines-man could bung in the infected chips for a few pieces of silver."

Or it could be "embedded" at the Fab. And what is to say that it is not already part and parcel of chip architecture.

Such a development would then only require the simplest of software instruction/coded activation to start streaming/processing information in a particular way to present a different picture/binary result/intelligent direction.
posted by : amanfromMars, 16 April 2008

Certain CPU loads microcode into flash

Certain CPUs load microcode into flash. Think about it.
posted by : castillonis, 16 April 2008

Simpler Attack Vector

How about e.g. wireless chips with uploadable firmware? Add a little tweak to tell the chip to accept a specially-crafted packet over the airwaves, and you're in.

And people wonder why some Linux developers and maintainers are so anal about closed-source firmware blobs.
posted by : Lawrence D'Oliveiro, 17 April 2008

Don't

you mean Sissies? cylvie?



Corry... couldn't help myself. :)
posted by : James, 17 April 2008

Nonsense

Sorry, but this is simply ridiculous.
Why go through all the trouble of paying off an insider to do something evil at a very high level, have the bad code go through all the validation steps and get made into working silicon, when it is soo much easier to just lay some bad software on a botnet and watch the dough roll in overnight.
Come on, this might be useful as some McGuffin in a spy film, or some black project for DARPA, but in real life this is stupidly useless.
Besides, if you can get to the PC for long enough to replace the CPU without getting caught, you have ample time to just copy the disk and be done with it.
There are way too many morons who will answer any enlargement offer to make this worthwhile to the common criminal.
No way it will happen without the CIA having a hand in it, and then the compromised chip will be carefully conveyed by a hit squad with very special instructions to some political target of note, not to some random CEO or somesuch.
Good for film, not good in RL.
posted by : Pascal Monett, 17 April 2008

Licensed to Thrill....

"Good for film, not good in RL." ..... posted by : Pascal Monett, 17 April 2008

Great for a film, and Beta in RL, which is a Virtualised Reality, Pascal.

And the Simpler Attack Vector ....posted by : Lawrence D'Oliveiro, 17 April 2008 is also Sensitive Cutting-edge AIR&dD for those into TEMPESTuous Beta Delta SIGMA Protocols for ESPecial Operands Loded with Special Access Programs.

QuITe Alien CyberIntelAIgents @ ITs Work Rest and Play although probably also just ControlLed Psychosis for White Hat Psychopaths. Real Spooky Territory you would not Believe, given what IT does. ..... which is why it is not presently widely known, although more widely used than one would first imagine although whether under Control is quite another question.
posted by : amanfromMars, 17 April 2008

For this exploit physical access is needed

hoohoo,

To update microcode, you would need to take advantage of a software exploit in Linux in order to run your microcode updates anyway. Physical access requires no such OS vulnerability.
posted by : Sam, 19 January 2008

That's so old news

The other as-old news being, that the likes of assembly and machine code - those kinds that could whittle through without exactly even being packaged into neat headed protocol-declared packets - can be used in the same way, negating any need for physical alteration to the chips.

Next they'll be telling us all about those e-warfare nanobugs too, like those got forgotten all about as well.
posted by : zupakomputer, 18 April 2008