Hacking Hardware
Yesterday researchers at the University of Illinois demonstrated an example of the next generation of malicious attack - an all but undetectable attack based on hardware rather than software vulnerabilities.
The team used a special programmable microprocessor running a version of Linux, as reported in ComputerWorld:
the chip was programmed to inject malicious firmware into the chip's memory, which then allows an attacker to log into the machine as if he were a legitimate user. To reprogram the chip, researchers needed to alter only a tiny fraction of the processor circuits. They changed 1,341 logic gates on a chip that has more than 1 million of these gates in total, said Samuel King, an assistant professor in the university's computer science department.
It's not a trivial matter to exploit this attack but NetworkWorld outlines some possible attack routes:
For example, a "mole" developer could add the code while working on the chip's design, or someone at a computer assembly plant could be paid off to install malicious chips instead of legitimate processors. Finally, an attacker could create a counterfeit version of a PC or a router that contained the malicious chip.
This kind of attack won't lead to million bot botnets but this kind of attack will probably find a place in industrial and political espionage.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
