Security Basics mailing list archives

Re: SV: XP backdoors


From: Arias Hung <arias () xlr8r com>
Date: Wed, 07 Jan 2004 06:18:24 -0800

At 11:00 PM 1/6/2004 +0100, Kim Guldberg wrote:

Backdoors that exploit software bugs need only install the proper patches, but are there any exploits that take advantage of the nature of hardware/protocol/architecture itself?

You asked a 3-headed question. Start by getting thoroughly acquainted with the 7 layers of the OSI model, on which all things networked are based. On one end of the spectrum is the physical layer, or "hardware" as you put it. On the opposite end is the application layer. Software actually starts to appear in layer 3 (transport) in the form of low-level drivers before working its way up to the front-end application layer 7. Only by understanding the particular function of each layer can you begin to address your question of the 'nature' of the three examples you provided, since you'll begin to see the function or multi-functional purposes each was designed for with respect to the layer of the stack where it plays its role. So, in short, yes, there are many exploits that take advantage of particular protocols or architectures (network and hardware architecture both apply since you didn't specify which), since whatever role each provides in transferring data up or down the stack necessitates limitations in its scope with respect to security. Universal Data Protocol (UDP) packets are rarely used anymore in comparison to their TCP counterpart, since it's a connection-less protocol that lacks the error-checking reliability that Transmission Control Protocol (TCP) packets provide in layer 4, the transport layer of the OSI model. Many exploits can very easily intercept UDP or even spoof UDP packets by taking advantage of the nature of its connection-less functionality. But that's not to say UDP is without merit, since there are some instances where UDP is the much preferred protocol because of its speed and efficiency when compared with TCP. Any kind of streaming in audio or video is done over UDP, since there's no noticeable difference if not all the UDP packets make it to their destination, and UDP thrives in areas where one-way transmissions and speed trump reliability and security.

As for hardware, it sounds like you answered your own question in this very same post with the antenna and oscilloscope example. What makes hardware transcend scrap-metal status is its functionality as the physical-layer medium that represents layer 1. It almost becomes a philosophical question how one could strictly exploit hardware by itself when, alone, it acts only as a physical conduit for communicating, whether it takes the form of a client, server, or networking medium. The only way to achieve this independently is by taking advantage of its 'nature' by tapping into its physicality, for which it was designed.

However 'safe' you might think you are from having your box accessed by those physically around you, you might be surprised to learn that the majority of vulnerabilities, including the worst security, originate on the client side. Why waste time, possibly attract attention, and leave tracks buffer-overflowing Fort Knox when you could so simply be socially engineered, at one fiftieth the effort, into handing over the keys to the Hummer yourself?



Since you brought protocol into the same question,
