Interesting People mailing list archives

Re: Hardware Viruses?


From: David Farber <dave () farber net>
Date: Fri, 2 May 2008 09:42:18 -0700


________________________________________
From: Andrew C Burnette [acb () acb net]
Sent: Friday, May 02, 2008 9:52 AM
To: David Farber
Cc: Kenneth_Mayer () Dell com
Subject: Re: [IP] Hardware Viruses?

Dave, Ken,

I would say the article is inaccurate in the statement that the hardware
vector is more difficult.

On the contrary, ten years ago, the external peripherals I connected to
my machine were limited to mice, keyboards and perhaps a printer. Even
further back, hard drives themselves had no intelligent controllers (the
interfaces today are false/logical, and have zero to do with actual
drive construction, geometry to simplify the OS interface). Now the list
of peripherals is nearly endless.

Given the ever shifting blur between hardware and software, how is this
vector different than Seagate shipping blank hard drives with viruses
onboard, or all HD manufacturers shipping normal drives with "hidden"
areas that may have been marked as dubious during manufacturing, but
could just as easily be used to copy unencrypted data, despite your use
of an encryption program on the 'normal' part of the drive. You may
purchase a 250G drive, which was originally manufactured as a 400G drive
but had sufficient errors (or not) to warrant programming the drive to
250Gigs of "good" capacity.  It works the same way as speed binning in
CPU selection.

(yes, there are hooks within several OS's drivers to view/read/use those
areas marked off-limits by the on-drive controller)

CPU's and the BIOS' on motherboards are equally suspect, as the majority
(recall the picture frame virus? of which the picture frames are still
available for sale) we now innocently connect to our computing devices.

Do you now trust the AES onchip CPU implementations, or the TCP offload
processing embedded in NIC cards?  How about device drivers?

The vectors of hardware compromise are essentially endless, and the wave
of consumer/prosumer devices in use have returned us to the days of
"sneaker net" delivery of viruses and malware. We're simply dealing with
better written code now.

Added to our 'default allow' rules on every SOHO firewall/NAT box in
addition to most corporate firewalls provide a direct outbound route for
any and all interesting data harvested by any malware,
hardware/microcode or software based.

Regards,
andy burnette

David Farber wrote:
The full paper is fun. djf

________________________________________
From: Kenneth_Mayer () Dell com [Kenneth_Mayer () Dell com]
Sent: Thursday, May 01, 2008 10:11 AM
To: David Farber; rforno () infowarrior org
Subject: Hardware Viruses?

You are concerned about spam and viruses? You ain't seen nothing yet,
believe researchers from the University of Illinois at Urbana-Champaign
(UIUC): A next phase of more sophisticated viruses may not only exist in
software, but may be deeply embedded in hardware, or what the scientists
describe as "malicious circuits".


http://www.tgdaily.com/content/view/37206/108/


Thanks,

Ken Mayer Jr., M.B.A.
Server and Network Specialist
Advanced System Group Dell Inc.,

-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
