
By Joris Evers
Posted on ZDNet News: Feb 28, 2007 5:12:00 PM

ARLINGTON, Va.--PC hardware components can provide a way for hackers to sneak malicious code onto a computer, a security researcher warned Wednesday.

Every component in a PC, such as graphics cards, DVD drives and batteries, has some memory space for the software that runs it, called firmware. Miscreants could use this space to hide malicious code that would load the next time the PC boots, John Heasman, research director at NGS Software, said in a presentation at this week's Black Hat DC event here.

"This is an important area and people should be concerned about this," Heasman said. "Software security is getting better, yet we run increasingly complicated hardware. Unless we address hardware security, we're leaving an interesting avenue for attack."

Malicious code delivered via the memory on hardware components poses a rootkit threat since it will run on the PC before the operating system loads, Heasman said. This likely will hide it from security software and other protection mechanisms, he added. Such low-level malicious code is known as a rootkit.

Moreover, because the malicious code is stored on the hardware component and not a PC's hard disk, reinstalling the operating system or otherwise wiping the disk won't remove the threat.

In his research, Heasman focused on graphics cards inserted in the PCI, PCI Express or AGP slots on a PC motherboard. He found that it is possible to load a few kilobytes of additional code onto the memory of such cards. An attacker could do this by tricking the user into opening a malicious file, for example, he said.

"The PCI bus was developed by Intel in the 1990s. And as we all know, security wasn't in high respects at that time," Heasman said. "On a well-run network, administrators know which machines are on their network, but do they know what PCI devices are on their network? In most cases I'd imagine that the answer is no."

The concept Heasman presented is not new. Other security researchers have highlighted the risk before. And the industry has responded through the Trusted Computing Group and the Trusted Platform Module, which performs additional checks. However, the Trusted Platform Module isn't on every PC and its capabilities aren't always used, Heasman noted.

For increased protection, Heasman recommends scanning the memory on PC expansion cards and other hardware components and analyzing what the code stored there does.
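As an added illustration of what such a scan could check (this is not code from the article or from Heasman's presentation), the sketch below walks the image chain of a PCI expansion ROM dump using the standard 55 AA header and "PCIR" data structure, then flags images that fail the legacy checksum, images missing from a known-good hash baseline, and non-blank bytes after the last image. The function names, the baseline approach and the sample ROM are assumptions constructed for the example.

```python
import hashlib
import struct

def parse_images(rom: bytes):
    """Walk the image chain of a PCI expansion ROM dump; return (images, end_offset)."""
    images, off = [], 0
    while off + 0x1A <= len(rom) and rom[off:off + 2] == b"\x55\xaa":
        pcir = off + struct.unpack_from("<H", rom, off + 0x18)[0]
        if pcir + 0x18 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
            break
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        size = struct.unpack_from("<H", rom, pcir + 0x10)[0] * 512
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        if size == 0 or off + size > len(rom):
            break
        body = rom[off:off + size]  # code type 0 (legacy x86) images must sum to 0 mod 256
        images.append({"offset": off, "size": size, "vendor": vendor, "device": device,
                       "code_type": code_type,
                       "checksum_ok": code_type != 0 or sum(body) % 256 == 0,
                       "sha256": hashlib.sha256(body).hexdigest()})
        off += size
        if indicator & 0x80:  # bit 7 of the indicator byte marks the last image
            break
    return images, off

def audit(rom: bytes, baseline: set):
    """Return findings for one ROM dump against a set of known-good image hashes."""
    images, end = parse_images(rom)
    findings = []
    if not images:
        findings.append("no valid 55AA/PCIR image found")
    for img in images:
        if not img["checksum_ok"]:
            findings.append(f"image@{img['offset']:#x}: bad legacy checksum")
        if img["sha256"] not in baseline:
            findings.append(f"image@{img['offset']:#x}: hash not in baseline")
    if rom[end:].strip(b"\xff\x00"):  # heuristic: data past the declared images
        findings.append(f"{len(rom) - end} bytes after last image are not blank")
    return findings

def sample_rom(vendor=0x1234, device=0x5678):
    """Constructed 1 KiB legacy x86 image (sample data, not from real hardware)."""
    rom = bytearray(1024)
    rom[0:3] = b"\x55\xaa\x02"               # signature, size in 512-byte blocks
    struct.pack_into("<H", rom, 0x18, 0x1C)  # pointer to the PCI Data Structure
    struct.pack_into("<4sHHHHB3sHHBB", rom, 0x1C, b"PCIR", vendor, device,
                     0, 0x18, 0, b"\x00\x00\x03", 2, 0, 0, 0x80)
    rom[-1] = -sum(rom) % 256                # make all bytes sum to 0 mod 256
    return bytes(rom)
```

The baseline set would be built from dumps of the same card model taken from a trusted source; a hash mismatch is a prompt for the analysis Heasman describes, not proof of tampering.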
