×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Malicious Hardware Hacking May Be the Next Frontier

CmdrTaco posted more than 3 years ago | from the i-hide-it-in-my-pocket dept.

Security 146

An anonymous reader writes "It's a given that hackers will target software, and that's enough for many people to worry about. But now there's the possibility that hackers would hide malicious code in the hardware itself. A hardware hack could be an annoyance, by stopping a mobile phone from functioning. Or it could be more dangerous, if it damages the way a critical system operates. Villasenor says there are several types of attacks. Broadly they would fall into two categories: one is when a block stops a chip from functioning, while the other involves shipping data out."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

146 comments

lolwut? (2, Insightful)

Pojut (1027544) | more than 3 years ago | (#33137402)

From the title of the summary:

Hardware Hackers May the Next Frontier

May what....MAY WHAT?!?!?!??!?!?!?!??!?! Seriously...what's with the editors around here?

Re:lolwut? (0)

Anonymous Coward | more than 3 years ago | (#33137510)

They are James May'ing the Next Frontier aka making everything slower.

Re:lolwut? (1)

BobZee1 (1065450) | more than 3 years ago | (#33137746)

didn't James May just go about 268mph in a car recently?

Re:lolwut? (1)

dimethylxanthine (946092) | more than 3 years ago | (#33137532)

They take drugs. But it doesn't ALWAAAAAAYS show. Take some Diazepam dude. Yoga, qigong and reducing computer use may be equally effective. Speak to your doctor or psychologist.
Did I overreact?

Re:lolwut? (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#33137544)

Give Taco a break. After all he's been sitting at his computer since you went home from work last, night sifting through terribly written articles. He took a micro nap around 2 last night. He also sent Cowboy Neal on a Coffee run, but... well... I'm sure we all know how that story goes.

Re:lolwut? (1)

iLoveLamp (1676532) | more than 3 years ago | (#33137580)

The last time I may'd something, I got punched in the jaw. We used to may all the time back in the day. Now people get their panties in the wad. I blame republicrats.

Re:lolwut? (1)

marcansoft (727665) | more than 3 years ago | (#33137724)

No verb, abuse of the term "hacker", marketroid terminology ("frontier"), and generally fails at providing any insight at all as to the article's contents.

This is one serious entry into the "worst Slashdot headline ever" competition.

Uhm? (1, Insightful)

ground.zero.612 (1563557) | more than 3 years ago | (#33137410)

Nice headline.

We Certainly May! (0)

Anonymous Coward | more than 3 years ago | (#33137418)

Hardware Hackers May the Next Frontier

It's true, we just might the next frontier.

Re:We Certainly May! (1)

Steauengeglase (512315) | more than 3 years ago | (#33137652)

You have it all wrong. Hardware Hackers May, the Next Frontier. New trip-hop inspired gloom-core band. Don't any of you guys get the HHM street team newsletter?

[Insert scary possibility] (4, Insightful)

betterunixthanunix (980855) | more than 3 years ago | (#33137474)

"A hardware hack could do [bad thing] or even [really bad thing]!" What about, "A hardware hack could free users from restriction systems?" or perhaps "A hardware hack could allow a mechanic to work on a transmission that was locked down by the manufacturer?"

Re:[Insert scary possibility] (2, Interesting)

cygnwolf (601176) | more than 3 years ago | (#33137602)

I have to agree. While I concede the point that someone can make malicious hardware, it seems like it would be -a lot- harder to infect someone's system with it than it would be to infect them with malicious code. Based on the headline, I would have thought this was an article about the people who call themselves hardware hackers who are trying to make hardware BETTER. Garage engineers, that sort. Unfortunately, these days, the word 'Hacker' carries a very negative connotation and it seems like, from this article, that some people are trying to perpetuate it.

Re:[Insert scary possibility] (0)

Anonymous Coward | more than 3 years ago | (#33137710)

Unfortunately, these days, the word 'Hacker' carries a very negative connotation and it seems like, from this article, that some people are trying to perpetuate it.

"These days"? People have been using hacker to mean that for almost 2 decades now. No one cares that you neckbeards used the word "hacker" to mean something else.

Re:[Insert scary possibility] (1)

betterunixthanunix (980855) | more than 3 years ago | (#33137942)

'Hacker' carries a very negative connotation and it seems like, from this article, that some people are trying to perpetuate it.

"Some people?" More all, "almost everyone except hackers themselves." In a way, you can divide the population in four groups: hackers, non-hackers who respect hackers (a tiny minority), people who are annoyed by hackers and want to discredit them, and people who never knew what hacking was about and believed the mainstream media's attacks and propaganda about hackers. Even movies that have hackers as the protagonists seem to portray hackers as people who do nothing but break through security systems.

"Hacker" has become a synonym for "enemy of society" as far as most people are concerned.

Re:[Insert scary possibility] (1)

cygnwolf (601176) | more than 3 years ago | (#33137988)

You're right and I guess the point my scattered brain was trying to make (and did a poor job of it) was that the people who insist on calling themselves "hardware hackers" who are really "hardware tinkers" are causing a lot of confusion here. See the Apple charger hack article from yesterday.

CPLD? (2, Interesting)

MrFurious5150 (1189479) | more than 3 years ago | (#33137486)

IANAEE, but isn't this already a potential problem with CPLDs? Or would you consider that a software/firmware hack?

Re:CPLD? (5, Interesting)

betterunixthanunix (980855) | more than 3 years ago | (#33137586)

People have been hacking hardware for a really long time, longer than they have been hacking software. My security engineering textbook lists a number of hardware hacks that were used for espionage, particularly side channel attacks and other signals intelligence. Creating hardware trojan horses is an old trick; you might even say it dates back as far as the Trojan war.

Re:CPLD? (1)

mobilemodding.info (1800826) | more than 3 years ago | (#33137840)

Love your comment man :) Actually I think article is one of those "lets come with another fear and tell everybody this is really scary, may be some idiot will believe" :)

Re:CPLD? (1)

GrumblyStuff (870046) | more than 3 years ago | (#33137628)

TFA isn't really about hacking at least in the sense of it being remotely done or altering the device to do something different. All it is about is the danger of outsourcing to companies far and wide and the potential of not truly knowing is received and sold to the public at large (which means it was designed exactly for what it does which may or may not be in the interests of the future owner).

Re:CPLD? (0)

Anonymous Coward | more than 3 years ago | (#33138186)

No, if I understand the article correctly it is a general problem with IP cores [wikipedia.org] .

The new thing is that security breaches can happen in subcontractors, or in the subcontractor's subcontractor and so on...

So it's really a social problem that stems from outsourcing.

For some reason... (2, Funny)

The MAZZTer (911996) | more than 3 years ago | (#33137500)

...this reminds me of the whole "Hackers can make your computer explode!" scare that went around in the early PC era...

Re:For some reason... (0)

Anonymous Coward | more than 3 years ago | (#33137582)

If you recieve an email with the subject line "e-card for you", OMG DON'T OPEN IT, it will burn your whole C drive!!! This has been confirmed as the worst virus ever by AOL and Dell, it was on CNN!

Re:For some reason... (0)

Anonymous Coward | more than 3 years ago | (#33138056)

OMG DON'T OPEN IT, it will burn your whole C drive!!!

Fortunately, my drive has only PHP on it.

Re:For some reason... (0)

Anonymous Coward | more than 3 years ago | (#33138386)

If it only has PHP on it just let it burn.

Re:For some reason... (0)

Anonymous Coward | more than 3 years ago | (#33138514)

They could make some printers explode.

Re:For some reason... (1)

NJRoadfan (1254248) | more than 3 years ago | (#33139074)

Or monitors. Trigger the right registers in a graphics card and early fixed frequency monitors are toast.

Article Headline Hackers May the Final Frontier (2, Funny)

noidentity (188756) | more than 3 years ago | (#33137520)

Someone hacked the article title, it seems. That's a bigger threat right there.

Ahem... (4, Funny)

Anonymous Coward | more than 3 years ago | (#33137546)

May. The Next Frontier. These are the failures of the Slashdot Editors. Their ongoing mission: To explore strange new URLs, to seek out new memes and new trending topics. To boldly fail where no man has failed before!

James May? (1, Funny)

Anonymous Coward | more than 3 years ago | (#33137554)

May [topgear.com] has modified cars as part of the show, but does that qualify as "hardware hacking"? Even then, so has Clarkson and Hammond.

Why the poor choice of word? (0)

Anonymous Coward | more than 3 years ago | (#33137562)

What is it with a tech site using "hacker" as something negative? Are you too young to know or is it just the call

Re:Why the poor choice of word? (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#33137734)

Because that's the way it's used in the article? The summary is nothing but sentences yanked straight out of it.

Re:Why the poor choice of word? (1)

teh kurisu (701097) | more than 3 years ago | (#33137944)

You read that headline, and your biggest criticism is their use of the word 'hacker'?

Uhhh... (4, Insightful)

The MAZZTer (911996) | more than 3 years ago | (#33137594)

Most of the defenses involve adding a kind of "policing" function to the chip's architecture. For example, one could design a block that would monitor the behavior of other blocks and make sure they fit certain patterns. If another block misbehaves, it would be "quarantined" and the monitoring hardware would take over the now-missing functions.

Yeah, THAT sounds practical. The article author watches/reads too much science fiction.

Re:Uhhh... (1)

betterunixthanunix (980855) | more than 3 years ago | (#33137684)

It could be as simple as checking power consumption against the design of the hardware, and falling back on slower but logically equivalent hardware if something is wrong. When you can fit a billion transistors on a single microchip, that is not really asking too much.

Re:Uhhh... (2, Insightful)

The MAZZTer (911996) | more than 3 years ago | (#33137916)

My problem with the paragraph is, if they can make a block of hardware that can take over the functionality of another block, why outsource the block in the first place since they already have a block that can do those functions? Answer: they can't make a block of hardware like that, that's why they had to outsource it. Also, they have to make it in house. If they outsource it they can no longer trust it either!

Re:Uhhh... (2, Insightful)

Pharmboy (216950) | more than 3 years ago | (#33138014)

Or more importantly, whoever is adding the exploit to begin with obviously knows about the redundancy in hardware, which would be bypassed, in the same hardware if you are exploiting. It would add a false sense of security. This is like having TWO latches on your screen door.

I like open source software just fine, but not preachy about it. However, when we are talking about critical infrastructure, this is a good argument for having the systems much, much more open and in plain view of many, many more eyes.

Re:Uhhh... (1)

betterunixthanunix (980855) | more than 3 years ago | (#33138132)

It is not too hard to create a block that is very difficult to route around, considering that the routing problem is NP-hard. It is one thing to tamper with a single block and hide something malicious in it, especially a large and complex block; it is something else entirely to try to rearrange in the interconnect between blocks without affecting the ability of the device to function. Your adversary in this case does not want to be obvious, and so they cannot ship devices that are less reliable as a result of the tampering, nor can they ship a device with a easy to detect form of tampering (like an extra block that would be obvious upon visual inspection).

Re:Uhhh... (2, Informative)

betterunixthanunix (980855) | more than 3 years ago | (#33138058)

There is a good bit of research on this topic, actually. I think the idea with the "block that takes over functionality" is that it is perhaps simple enough (and thus lower performance) that inserting malicious functions into it would be difficult to do without being detected. So, for example, you might have a very high performance DSP block that can do a 1024 point FFT in a few clock cycles, but that is going to be a lot of logic and leaves a lot of places for a malicious manufacturer to hide something; your fallback if extra circuitry was detected would be a less complex FFT circuit that takes thousands of clock cycles to do the FFT, and which would be harder to tamper with. Detecting hardware that has been tampered with is pretty hard, though, and that is where a lot of the research is.

It is not just about outsourcing; a chip fab in this country might have a worker who is on the payroll of the Chinese government, and who tampers with a chip layout just prior to manufacturing. It is pretty expensive to run a secure chip fab, and even if all chip fabs were domestic, you would still have a number of important computers (think of utilities, critical services, etc.) being manufactured at facilities where the employees might be engaging in sabotage of this sort.

Re:Uhhh... (0)

Anonymous Coward | more than 3 years ago | (#33138506)

Is there any research on the topic of whether or not anyone in the real world (not academics) has actually, "in anger", tried to attack a project in this fashion?

It seems awfully ineffective. I think that the Chinese would have more effective and important tasks for their EE mole to do, such as stealing blueprints, test data, etc. Why risk it all by trying to mess with the design?

Hackors (3, Funny)

kaoshin (110328) | more than 3 years ago | (#33137612)

I think it is possible that could hide malicious code in the. It could even potentially words from sentences. In Soviet Russia you.

I accidentally the headline! (-1, Redundant)

Anonymous Coward | more than 3 years ago | (#33137740)

I accidentally the headline!

A playground for Intelligence Services (1)

mbone (558574) | more than 3 years ago | (#33137766)

I wouldn't be too surprised if various intelligence services already did this. A service that puts moles in deep cover for decades would certainly be patient enough to put code in silicon and wait years for the right moment to execute it.

Re:A playground for Intelligence Services (0)

Anonymous Coward | more than 3 years ago | (#33138098)

You have just spoken of something never to be spoken of. Prepare to be terminated.

Re:A playground for Intelligence Services (1)

betterunixthanunix (980855) | more than 3 years ago | (#33138238)

Neither would I, considering that intelligence agencies have done this sort of thing in the past. There was a pipeline in Russia that (supposedly) exploded because a microchip design that Russian spies had copied from the USA had a malicious block. The Israeli air force seemed to mysteriously not be fired upon from enemy computerized antiaircraft installations, although there was never any official confirmation.

Hardware hacking is not new, and neither is malicious hardware hacking.

Stop using "Hacker" pejoratively! (1)

trashbird1240 (1149197) | more than 3 years ago | (#33137772)

I really wish Slashdot headlines would stop using "Hacker" in the sense of "computer-oriented criminal." I clicked on this thinking it would be an interesting story about new hardware developments. It's just another boring story about what might be a problem for law enforcement. Who cares?

I can see compromised hardware being an issue (1)

mlts (1038732) | more than 3 years ago | (#33137854)

All it takes is the ability to do a flash of a motherboard with a ROM that does everything, except adds a keylogger, and a driver that checks for Windows, and reinstalls the botnet client.

Exact same mechanism that LoJack for Laptops uses to reinstall itself. Except done by the blackhats instead of the whitehats. With more and more machines having motherboards with independent network stacks, it would be trivial to enable two-way NAT and have botnet clients that are easily communicated with this way.

Only real way to prevent these attacks is to go with a TPM based system. However, other devices can be easily flashed. A keyboard that stores macros might be able to be flashed to double as a keylogger.

Re:I can see compromised hardware being an issue (1)

betterunixthanunix (980855) | more than 3 years ago | (#33138278)

Unless, of course, you can compromise the TPM too. The issue is that hardware can be compromised; the solution is to either design hardware that is difficult to compromise without creating faulty operation, or to have a secure manufacturing chain where everyone needs a minimum level of clearance to even enter the facilities.

Re:I can see compromised hardware being an issue (1)

mlts (1038732) | more than 3 years ago | (#33138812)

Maybe this is a job for NIST, where they either make a chip fab, or have a contractor under strict guidelines do this exact type of thing.

What I'd like to see is a chip with TPM-like functionality on it, but on a SIM card. This way, people concerned about DRM stacks don't have to worry because there is just a tray for the chip, while people who want additional assurance of their data can just buy a card, slide the card in and go from there. Perhaps stick a little bit of flash on it for encrypted storage similar to IronKey, and this device might become extremely useful. It won't replace CACs or smart cards by any means, but it will provide authentication for the machine.

Perhaps SIM, R/UIM, and TPMs can merge onto one secure chip. This way, one can store keys, validate a machine hasn't been tampered with, and establish a communications channel onto 3G or LTE with very little user intervention.

policing functions are welcome (1)

C0vardeAn0nim0 (232451) | more than 3 years ago | (#33137856)

Most of the defenses involve adding a kind of "policing" function to the chip's architecture. For example, one could design a block that would monitor the behavior of other blocks and make sure they fit certain patterns. If another block misbehaves, it would be "quarantined" and the monitoring hardware would take over the now-missing functions.

it's about time this kind of thing makes it to peecees. mainframes have this buit-in for eons now. of course, they use this for realiability, but having mainframe class reliability on desktop machines would't be bad, for a few extra bucks

Hardware?? Firmware! (1, Insightful)

blackfrancis75 (911664) | more than 3 years ago | (#33137882)

Seriously? /. editors can't tell the difference between Hardware and Firmware??

Re:Hardware?? Firmware! (1)

gstoddart (321705) | more than 3 years ago | (#33138508)

Seriously? /. editors can't tell the difference between Hardware and Firmware??

Can you??

TFA is talking about someone embedding extra functionality at the chip-level which can later be accessed to achieve some desired result. It is not talking about injecting an update into the firmware of a running system. He's literally talking about hiding something at the circuit board level so by the time the chips are manufactured, they already have the embedded functionality.

So, before you start complaining about the editors being unable to tell the difference between the two things ... RTFA so you know what is being talked about. There is no mention of firmware, and he's not talking about firmware.

The article is literally talking about hardware.

Re:Hardware?? Firmware! (0)

Anonymous Coward | more than 3 years ago | (#33138622)

dont get all huffy there, its a huge difference tween circuit board level and chip level, and people already do this ALL THE TIME its called REDUNDANCY

know what your talking about before going on a crusade against someone, fiberglass with a copper pattern etched on it is not going to do jack shit and is about 10 miles away from chip level

Re:Hardware?? Firmware! (0)

Anonymous Coward | more than 3 years ago | (#33138842)

know what your talking about before going on a crusade against someone, fiberglass with a copper pattern etched on it is not going to do jack shit and is about 10 miles away from chip level

Go read the article. It's talking about chip fabrication and embedding the malicious stuff down at the chip level -- or, more accurately, functional blocks within chips. There isn't anything about firmware in the entire article.

Do you have anything to support the 'Firmware' claim?

Re:Hardware?? Firmware! (1)

blackfrancis75 (911664) | more than 3 years ago | (#33138786)

TFS literally refers to "hiding malicious code in the hardware", and it was the summary I referred to.

Re:Hardware?? Firmware! (1)

gstoddart (321705) | more than 3 years ago | (#33138964)

TFS literally refers to "hiding malicious code in the hardware", and it was the summary I referred to.

I see what you're saying, but my understanding of something at the chip-level is that while it still may be 'code', it's immutable because it's printed on/embedded in the chip (whatever the correct term is) and implements the logic, but it can't be changed.

Firmware is static, but can be modified. It's not clear to me that what is being described is firmware, but true, fixed, unchanging hardware. It just has an embedded bit of behavior that under some circumstances will trigger something potentially malicious.

I mean, the instruction set in a CPU is 'code', but it can't be changed since it's part of the circuitry.

This isn't about adding new code to an existing bit of hardware, I think it's about building in the functionality at the lowest level in the actual chip itself. An embedded logic bomb or something, but not something which can be updated once the chip is manufactured.

All your grammer..... (0)

Anonymous Coward | more than 3 years ago | (#33137920)

"All your grammar are belong to us!" There - haven't seen that for a while.

Re:All your grammer..... (1)

MikeDaSpike (1196169) | more than 3 years ago | (#33138066)

Oooh. I wanna do it too!
- Hardware need more cowbell.
- O'rly?
- Ya'rly.
- Chuck Norris doesn't need hardware. All he needs to do is stare at Microsoft Word and it will run by itself.
- SHOOOP DA WOOOP THE GAME WHILE SNAPE KILLS DUMBLEDORE
Old memes are old.

Re:All your grammer..... (1)

Abstrackt (609015) | more than 3 years ago | (#33138354)

Chuck Norris doesn't need to use Microsoft Word, when he wants to write a letter he roundhouse kicks the keyboard.

Old news (0)

Anonymous Coward | more than 3 years ago | (#33138002)

Hardware hacking is old news, in all sorts of definitions of "hack".

Just from the top of my head, I seem to recall an incident when the Pentagon hacked the firmware in a printer that was being shipped from France to Iraq, in the early 90's. (No, I'm not going to bother with finding the source. Go ahead and Google it yourself.) It was probably lame, and considering that it pre-dated wide-spread use of the internet or even LANs, it probably did very little. But all the same, "sophisticated hardware hacks" are not the future, they've been here for a long time. I'm sure someone can find a good example and say "Ha! 90's!? Get off my lawn! When I was working with tabulation card punchers, we used to..."

Oh Please (0)

Anonymous Coward | more than 3 years ago | (#33138084)

There have been stories identical to this for YEARS. Yawn.

No one has done it because it is much easier to do something like what happened in the story last month:

"Dell Ships Infected Motherboards"
http://it.slashdot.org/it/10/07/21/1354206.shtml

Or they just preinstall malware on storage devices. We get stories like that ALL THE TIME. It's usually detected quickly, but enough people can get infected that don't bother (or don't know how) to protect themselves that it is usually worth it.

Hardware is traceable, software is not (4, Interesting)

timholman (71886) | more than 3 years ago | (#33138116)

Disclaimer: I've been involved in some research in verification of ASICs to uncover trojan hardware. Frankly, I think the threat of hardware hacks tends to be overblown.

The problem with planting Trojan circuits in hardware is that they're traceable. Given a compromised chip, you can locate the manufacturer and the fab it came from, and work backwards to the people who had access to the layout. It would be a financial and P.R. disaster for any third party vendor that allowed such a thing to happen. Who would ever trust them again with a design? These companies want to make money, and allowing government or criminal organizations to compromise the manufacturing process is too big a risk.

On top of that, using a hardware hack is equivalent to firing a shotgun into a swarm of gnats. How can you know that a hacked chip is going to make it into a box that just might happen to be used by a competitor you care about? It's an insane risk with a ridiculously small hope of payoff.

The way to compromise systems is the way that has worked extremely well so far - via software. You can target the attack, you can cover your tracks, and you have plausible deniability if you're caught. If you bribe someone inside the organization, you can place the software you want right on the machines you care about. And as long as organizations keep using Windows, you'll never run out of attack vectors.

Re:Hardware is traceable, software is not (2, Insightful)

QX-Mat (460729) | more than 3 years ago | (#33138452)

A good point, except when small businesses try to extract the best value for money in an expensive IT purchase, counterfeit products can be very tempting - whether you know you're buying fake goods or not is irrelevent when the price is cheap. Cheap counterfeits are [arguabley] not traceable enough. Check out the Reg article on a recent Cisco raid [theregister.co.uk]

I remember reading another article on the Chinese fakes, where it was said that the only outward difference was the type of screw used. Scary to think that a specially crafted packet (or more likely, sequence of) could destroy the internet :)

Re:Hardware is traceable, software is not (0)

Anonymous Coward | more than 3 years ago | (#33138480)

I believe this, contrary to the article summary, is more about firmware than hardware.

Re:Hardware is traceable, software is not (0)

Anonymous Coward | more than 3 years ago | (#33138516)

How very true. Heck it doesnt even have to be the 'target' computer. Many devices out there are running good old linux. Like 4-5 year old linux with known vulns. For example I was thinking of getting a new tv it had a linux kern of 2.6.14. Seriously?! The TV that *JUST* came out has a 5 year old kernel in it. It also has built in internet access. These are little ticking timebombs. Put something like that in a break room. Or in someones house... These are not 'slouch' computers built in either having hardware capable of decoding h264. Nice little network sniffers. Plus they are left on for long periods of time so they can go 'slo mo' on attacks. Get some work boots an embroidered LG/Samsung shirt and clip board and I bet if you showed up many would let you 'upgrade the tv as per the contract you signed when you bought the tv as a courtesy for loyal customers'.

How many people have and use linksys routers? Those are almost stupid easy to flash with different firmware.

People will not even bother with hardware when you can do software so much easier. That is the POINT of software. Do in code what you cant in hardware. Literally I could tailor my attack for my targets or build drag net ones that gather lots of small bits of interesting info. You can then change your methods when your latest version is detected. Hardware is for speeding up code...

Hardware attacks such as this are probably out there but they would tend to be 1 shot deals. Like as you point out once detected it would be fairly easy to trace where it came from. Now the question is who would as you say have the money to do such a thing. As whoever they go to would want a boat load for such a risk.

Only two attacks? (1)

Smallpond (221300) | more than 3 years ago | (#33138162)

Villasenor says there are several types of attacks. Broadly they would fall into two categories: one is when a block stops a chip from functioning, while the other involves shipping data out.

There are lots of other possibilites. Some examples:

  • Silently change data to something else
  • Enable unauthorized access

Probably less actually (1)

Viol8 (599362) | more than 3 years ago | (#33138376)

" * Enable unauthorized access"

And how exactly are you going to do that in microcode or even hardwired circuits? Its the same BS as when he talks about "shipping data out". Yeah , sure you could do it , if you took up half the chip die with "secret" ROM code that ran its own networking stack, hardware drivers etc etc. If you're thinking about modifying the BIOS thats not hardware hacking, thats software.

The 1990s called... (1)

xtracto (837672) | more than 3 years ago | (#33138244)

A hardware hack could be an annoyance, by stopping a mobile phone from functioning. Or it could be more dangerous, if it damages the way a critical system operates.

They wanted their BIOS-corrupting viruses back [wikipedia.org]

BTW, I remember an urban legend circulating that there was a virus that changed some low-level instructions in 3.5 floppy drives making them keep reading discs... which made the drives get on fire. Anyone has got more info on that?

Ubiquity is a potential factor (2)

erroneus (253617) | more than 3 years ago | (#33138290)

Let's get this "Microsoft is the most used and therefore the most targeted" bit out of the way. Yes, being ubiquitous is a factor, but not in the internet server arena because Microsoft Windows is not the leader in that market -- Linux is. So at least two factors make a hacking target worthwhile on a large scale:

1. Ubiquity
2. Vulnerability (ease of hacking)

One of the reasons Linux isn't an internet target is that there are so many of them and they are nearly all different. There are many distributions, many versions of many distributions, many custom applications on many versions of many distributions... all with different components installed and configured in different ways. (With Windows, things are all pretty much done the same way.)

But why am I talking about this? Seems off-topic yes? Well I wanted to establish some background before going into the hardware situation.

With regards to hardware, we have little in the way of ubiquity. Yes, an increasing number of devices are actually running Linux in the firmware. That makes Linux increasingly ubiquitous in hardware. We have seen exploits associated with HP printers in the past where SNMP was exploited even when it is "disabled." This is an issue because HP printers in the office are quite ubiquitous. We have also seen the news story about certain Dell server system boards were compromised out of the box. Dell is quite common in the office and the data center as well.

But on the whole, the hardware market is still widely varied. We should all be concerned as additional commoditization of hardware components make hardware devices less differentiated. This makes predicting the hardware targets all the more possible. (Although "guessing" the hardware is less of a concern where external exploits will still largely be a software issue and once entry is gained, listing the hardware components would be trivial... processing that list to select from a list of exploit packages would then be trivial as well.)

All of this says "yes, hardware is vulnerable, but never as vulnerable as the software running on it." Keep the software doors tight and you have less to worry about with hardware.

Re:Ubiquity is a potential factor (0)

Anonymous Coward | more than 3 years ago | (#33139110)

Go to statowl, drill-down on the "linux" portion of the operating system market share pie graph.

Of the linux desktop share that can be identified, Ubuntu is 78% of it. Fragmentation is an illusion, for security as well as for a lack of profitability.

If someone wanted to target desktop linux with a vulnerability, they'd just target Ubuntu. --And they will.

Reflections on trusting trust (1)

maxwell demon (590494) | more than 3 years ago | (#33138464)

Since nobody seems to have mentioned it yet: Reflections on trusting trust. [uwaterloo.ca]
Note that he already mentions planting exploits into microcode, which is already quite close to the hardware. Do you know for sure there's no exploit planted in the microcode of your CPU? Maybe someone manipulated the compiler for the microcode? The compiler on which the compiler for the microcode was compiled?

But even with the actual hardware, that's possible: Just as you can place an exploit in the C compiler, you can also place an exploit in the VHDL compiler. Then the VHDL code will be unsuspicious, and run correctly in the simulator, but the actual chip will still be modified. Again, several levels are possible.

OK, is there anything which can protect us? Well, on one hand it's getting more complicated with each intermediate step. But then, there's also another protection: Exactly the fact that not everything isn't done by the same company! And this even applies for the simple case mentioned in TFA: A company which is asked for a component which, say, adds up a bunch of numbers, doesn't know how it's combined with the other blocks, or what the other blocks actually look like. Therefore he likely cannot tell how you could actually trigger the bad behaviour in the complete chip, or how to do something "useful" on that condition. The same is true on all the other levels: The chip developers will not write their own VHDL compiler, and the VHDL compiler writers have no clue what the chips which will defined with them will look like. The microcode developers likely don't write the microcode compiler, and the microcode compiler people probably don't have access to the microcode source code.

Reflections on Trusting Trust (0)

Anonymous Coward | more than 3 years ago | (#33138628)

http://cm.bell-labs.com/who/ken/trust.html

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...