
Remote Malware Injection Via Flaw In Network Card

kfz-versicherung writes "During the CanSecWest international conference in Vancouver, members of ANSSI described how an attacker could be able to exploit a flaw to run arbitrary code inside some network controllers (full presentation; PDF). The attack uses routable packets delivered to the victim's NIC. Consequently, multiple attacks can be conducted including man-in-the-middle attacks on network connections, access to cryptographic keys on the host platform, or malware injection on the victim's computer host platform."

  • by MichaelSmith ( 789609 ) on Saturday March 27, 2010 @06:03PM (#31643030) Homepage Journal

    Okay but will the UDP packets which cause the problem be well formed enough to be routed into your network from outside? In most cases if you have access to the local network all systems are vulnerable anyway.

  • by MrCrassic ( 994046 ) <deprecated@QUOTEema.il minus punct> on Saturday March 27, 2010 @06:17PM (#31643120) Journal

    It seems that the presentation focuses heavily on the NetXtreme framework, which is specific to Broadcom. Doesn't Intel, the other major NIC vendor/manufacturer, use their own proprietary security and administrative protocols on their devices?

    I wonder how secure Realtek's stuff is; their drivers/software lead me to think that their hardware code is ripe for discovery...

  • Mo bugs mo problems (Score:2, Interesting)

    by OopsIDied ( 1764436 ) on Saturday March 27, 2010 @06:56PM (#31643336)

    The important part about this is not that the attack is very specific (only Broadcom running ASF) but that attacks through a NIC are possible at all. This could be the beginning of more serious and widespread attacks as network components become exploitable through their increasing technology. There's a relationship between amount of code a device runs and the amount of bugs present in that code, and bugs can often be exploited for bad purposes.

  • by grandpa-geek ( 981017 ) on Saturday March 27, 2010 @10:01PM (#31644352)

    I recently heard that the simulated network card in virtualization systems can be a point of attack. So, this may be a more general issue than a specific card.

  • Re:+++ATH0 (Score:3, Interesting)

    by mmontour ( 2208 ) <mail@mmontour.net> on Sunday March 28, 2010 @12:56AM (#31645188)

    The only REAL fix is to disable the sequence in the modem.

    Or to buy a modem from a manufacturer that implemented it properly. The escape sequence is not just "+++" - there has to be an interval before and after those characters in which no other bytes are sent to the modem. This can only happen if you're typing directly from a terminal, since there are always extra headers present if you're sending TCP/IP traffic.

    If your modem was vulnerable to this then the manufacturer was either incompetent or intentionally screwing it up to avoid paying patent royalties.
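
The guard-interval rule described in the comment above, as an added example that is not part of the thread or of any modem firmware: a small model of the escape detector, run with and without the idle interval. The struct, function name, sample byte streams and the 1000 ms guard value are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* One byte arriving at the modem from the host, with its arrival time. */
struct rx_event { unsigned long t_ms; unsigned char byte; };

/* Constructed sample: "+++ATH0\r" carried inside a packet, so header bytes
 * ('H' stands in for them) and the command follow back to back. */
static const struct rx_event in_packet[] = {
    {100,'H'},{101,'H'},{102,'+'},{103,'+'},{104,'+'},
    {105,'A'},{106,'T'},{107,'H'},{108,'0'},{109,'\r'} };

/* Constructed sample: a user at a terminal pauses, types +++, pauses. */
static const struct rx_event typed[] = {
    {100,'x'},{1500,'+'},{1600,'+'},{1700,'+'} };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Returns 1 if the stream would switch the modem to command mode.
 * guard_ms == 0 models firmware that matches "+++" anywhere in the data.
 * guard_ms > 0 also demands that much silence before the first '+' and
 * after the third. The line is assumed idle from t=0; end_ms is when the
 * capture stops. */
int escape_triggered(const struct rx_event *ev, size_t n,
                     unsigned long guard_ms, unsigned long end_ms)
{
    for (size_t i = 0; i + 2 < n; i++) {
        if (ev[i].byte != '+' || ev[i + 1].byte != '+' || ev[i + 2].byte != '+')
            continue;
        unsigned long before = ev[i].t_ms - (i ? ev[i - 1].t_ms : 0);
        unsigned long next = (i + 3 < n) ? ev[i + 3].t_ms : end_ms;
        if (before >= guard_ms && next - ev[i + 2].t_ms >= guard_ms)
            return 1;
    }
    return 0;
}

int main(void)
{
    const unsigned long guard = 1000, end = 3000; /* assumed values */
    printf("in packet, no guard: %d\n", escape_triggered(in_packet, COUNT(in_packet), 0, end));
    printf("in packet, guarded:  %d\n", escape_triggered(in_packet, COUNT(in_packet), guard, end));
    printf("typed, guarded:      %d\n", escape_triggered(typed, COUNT(typed), guard, end));
    return 0;
}
```

With the guard interval enforced, only the typed sequence is treated as an escape; the same three characters surrounded by other packet bytes pass through as data.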
