Vulnerability Development mailing list archives
Re: Modern hw-killing virus feasible
From: "Jon O." <jono () MICROSHAFT ORG>
Date: Tue, 6 Mar 2001 21:13:00 -0800
A flash/bios virus may not be new or feasible right now (delivery issues) but it brings up a good point. There hasn't been a lot of thought given to protecting digital assets other than what we consider the internet or networks. However, once you become dependent on a thing, you can be controlled by that thing. We are very dependent on POS (Point-Of-Sale) devices and networks, ATM machines, etc. which provide a much better form of delivery. These devices are networked and allow media transfers from untrusted parties. This may sound impossible or not feasible, but I'm sure most of you read about Direct TV sending a couple bytes to blow hacked systems up (needless to say, they have 'fixed' the DTV countermeasures). People (you know who you are) are always finding ways to hack Palm Pilots, Benz door locks, etc. and it's just a matter of time before someone goes after POS network interfaces. For example, some free standing ATM machines actually dial-up (yes, you can hear the modem dial and the connection hiss) connections to the network. An ATM technician even told me that the line from the wall to the ATM, which is usually protected, was a T-1. When asked if someone could just pull it and hook back in, he stated that it would send an alarm to the CO, but a bridge would work fine. Does anyone have more information about these devices and what kind of risk we may actually be exposed to? Thanks, Jon http://www.securityreports.com On Tue, 6 Mar 2001, Bart wrote:
Hi, Doesn't seem anything really new. The CIH Virus http://vil.mcafee.com/dispVirus.asp?virus_k=10300& ) written in 1998 did something like what you are describing. On a set date it tried to flash the bios with garbage, making the infected pc unable to boot. Alot of hardware can probably be killed this way, as a lot of hardware these days have flashable eeprom's. The only problem is is that they have various ways of flashing the eeprom, thus making it (virtually) impossible for a virus to have a generic (flash-)payload for a lot of hardware. Kind Regards, Bart-----Oorspronkelijk bericht----- Van: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]Namens Pavel Machek Verzonden: maandag 5 maart 2001 23:34 Aan: VULN-DEV () SECURITYFOCUS COM Onderwerp: Modern hw-killing virus feasible Hi! Current DVD-regioning system provides *very* easy possibility for virus to render hardware unusable. Current DVD-roms allow setting DVD region for limited number of times. Imagine virus, that switches DVD between japan-region and asia-region as many times as it can. It would leave DVD locked either to japan or asia, effectively making it unusable for european/us citizen. Long time ago, rumors went that it is possible to kill harddrive by software. Then, old monitors could be damaged by software by missprograming them (but damage would take lot of time). Now DVDs provide effective way for software making them unusable. Pretty sad. Pavel -- I'm pavel () ucw cz. "In my country we have almost anarchy and I don't care." Panos Katsaloulis describing me w.r.t. patents at discuss () linmodems org
Current thread:
- Re: Modern hw-killing virus feasible, (continued)
- Re: Modern hw-killing virus feasible Daniel Newby (Mar 09)
- Re: Modern hw-killing virus feasible Blue Boar (Mar 07)
- Re: Modern hw-killing virus feasible Lincoln Yeoh (Mar 08)
- Re: Modern hw-killing virus feasible Vitaly McLain (Mar 08)
- Re: Modern hw-killing virus feasible Blue Boar (Mar 08)
- Re: Modern hw-killing virus feasible Vortex (Mar 25)
- Re: Modern hw-killing virus feasible Jonathan James (Mar 25)
- Re: Modern hw-killing virus feasible Dom De Vitto (Mar 07)
- Re: Modern hw-killing virus feasible fejed (Mar 08)
- Re: Modern hw-killing virus feasible christian void (Mar 07)
- Re: Modern hw-killing virus feasible Jon O. (Mar 07)
- Re: Modern hw-killing virus feasible Nick (Mar 07)
- Re: Modern hw-killing virus feasible Ben Ford (Mar 07)
- Re: Modern hw-killing virus feasible Titanas (Mar 08)
- SV: Modern hw-killing virus feasible Christian Wettergren (privat) (Mar 08)
- Re: SV: Modern hw-killing virus feasible Lynn Crumbling (Mar 09)
- Re: SV: Modern hw-killing virus feasible Bruno Lustosa (Mar 09)