Security IT Hardware

Malicious Hardware Hacking May Be the Next Frontier 146

Posted by CmdrTaco
from the i-hide-it-in-my-pocket dept.
An anonymous reader writes "It's a given that hackers will target software, and that's enough for many people to worry about. But now there's the possibility that hackers would hide malicious code in the hardware itself. A hardware hack could be an annoyance, by stopping a mobile phone from functioning. Or it could be more dangerous, if it damages the way a critical system operates. Villasenor says there are several types of attacks. Broadly they would fall into two categories: one is when a block stops a chip from functioning, while the other involves shipping data out."
  • lolwut? (Score:2, Insightful)

    by Pojut (1027544) on Wednesday August 04, 2010 @10:14AM (#33137402) Homepage

    From the title of the summary:

    Hardware Hackers May the Next Frontier

    May what....MAY WHAT?!?!?!??!?!?!?!??!?! Seriously...what's with the editors around here?

  • Uhm? (Score:1, Insightful)

    by ground.zero.612 (1563557) on Wednesday August 04, 2010 @10:15AM (#33137410)
    Nice headline.
  • by betterunixthanunix (980855) on Wednesday August 04, 2010 @10:19AM (#33137474)
    "A hardware hack could do [bad thing] or even [really bad thing]!" What about, "A hardware hack could free users from restriction systems?" or perhaps "A hardware hack could allow a mechanic to work on a transmission that was locked down by the manufacturer?"
  • Uhhh... (Score:5, Insightful)

    by The MAZZTer (911996) <megazzt@gm[ ].com ['ail' in gap]> on Wednesday August 04, 2010 @10:26AM (#33137594) Homepage

    Most of the defenses involve adding a kind of "policing" function to the chip's architecture. For example, one could design a block that would monitor the behavior of other blocks and make sure they fit certain patterns. If another block misbehaves, it would be "quarantined" and the monitoring hardware would take over the now-missing functions.

    Yeah, THAT sounds practical. The article author watches/reads too much science fiction.

  • by blackfrancis75 (911664) on Wednesday August 04, 2010 @10:48AM (#33137882)
    Seriously? /. editors can't tell the difference between Hardware and Firmware??
  • Re:Uhhh... (Score:3, Insightful)

    by The MAZZTer (911996) <megazzt@gm[ ].com ['ail' in gap]> on Wednesday August 04, 2010 @10:50AM (#33137916) Homepage
    My problem with the paragraph is, if they can make a block of hardware that can take over the functionality of another block, why outsource the block in the first place since they already have a block that can do those functions? Answer: they can't make a block of hardware like that, that's why they had to outsource it. Also, they have to make it in house. If they outsource it they can no longer trust it either!
  • Re:Uhhh... (Score:3, Insightful)

    by Pharmboy (216950) on Wednesday August 04, 2010 @10:59AM (#33138014) Journal

    Or more importantly, whoever is adding the exploit to begin with obviously knows about the redundancy in hardware, which would be bypassed, in the same hardware if you are exploiting. It would add a false sense of security. This is like having TWO latches on your screen door.

    I like open source software just fine, but not preachy about it. However, when we are talking about critical infrastructure, this is a good argument for having the systems much, much more open and in plain view of many, many more eyes.

  • by QX-Mat (460729) on Wednesday August 04, 2010 @11:35AM (#33138452)

    A good point, except when small businesses try to extract the best value for money in an expensive IT purchase, counterfeit products can be very tempting - whether you know you're buying fake goods or not is irrelevant when the price is cheap. Cheap counterfeits are [arguably] not traceable enough. Check out the Reg article on a recent Cisco raid [theregister.co.uk]

    I remember reading another article on the Chinese fakes, where it was said that the only outward difference was the type of screw used. Scary to think that a specially crafted packet (or more likely, sequence of) could destroy the internet :)

  • by phorm (591458) on Wednesday August 04, 2010 @03:19PM (#33141992) Journal

    OK, so how about the recent articles about Dell servers with infected hardware (I think it was in the monitoring firmware?). Is it Dell's fault, the company that did their refurbs/repairs, or what?

    How about all the times when a device with USB storage came preloaded with malware. Or how about the Intel CPUs that were actually big chunks of useless metal.

    So a third-party steals a chip/board design, makes a clone, and then sneaks it in somewhere along the line. It doesn't have to be at the manufacturer, they just have to replace good hardware with the compromised units.
    Hell, how about online sellers in general, many of which are in China, etc. How do you know that the firmware or even hardware of that fancy smartphone you just bought wasn't tampered with?

    I see no reason that hardware is much safer than software... especially when loadable is a vulnerable midpoint between the two.

  • Re:Uhhh... (Score:3, Insightful)

    by timholman (71886) on Wednesday August 04, 2010 @03:33PM (#33142190)

    It is not just about outsourcing; a chip fab in this country might have a worker who is on the payroll of the Chinese government, and who tampers with a chip layout just prior to manufacturing. It is pretty expensive to run a secure chip fab, and even if all chip fabs were domestic, you would still have a number of important computers (think of utilities, critical services, etc.) being manufactured at facilities where the employees might be engaging in sabotage of this sort.

    The problem with subverting a single employee in the manufacturing process is that it would be extremely difficult for him to hide his tracks. Let's assume Mr. Smith is paid by the Chinese government to insert a logic block of, say, 2000 gates into a router chip to provide them with a remote shutdown capability. First Smith has to find a place to put it, so he reruns the place-and-route software, or else does some custom polygon-pushing and hopes he doesn't screw up something else in the design. Then he has to run LVS (layout versus schematic) and DRC (design rule check) scans to make sure the chip is manufacturable, and he made no layout or wiring errors. In most modern design teams, where layouts are managed and checked by multiple people before tape-out, this would be nearly impossible for a single employee to get away with.

    So, Smith decides to subvert the firmware instead. Again, unless he's the only person who touches the firmware, and the only person who maintains the updates and revisions, he won't be able to get away with it for long. What happens when Smith is transferred to another project, and Jones takes over the firmware maintenance and realizes something is screwy about the checksum in the current version? Not to mention having to outthink the test and verification group - what if they come up with test vectors that reveal his tampering?

    If you're going to subvert one guy, you need to subvert lots of them, and I think that's what worries the U.S. government. If the Chinese were willing to spend the money, they could set up a fake company that could operate for years, or recruit an entire Chinese design house from the get-go, building up long-term customer relationships and looking for opportunities to infiltrate enterprise products. This would not be cheap, but it is not without precedent (e.g. the Glomar Explorer). The problem is that it would take only one leak and the entire operation would be blown, and every fab and design house in China would suffer as a result.

    It's so much easier to work on the back end using software. Bribe or blackmail someone inside the targeted organization, hand him a USB thumb drive with a rootkit installer, and the job is done in a matter of hours. Even if the rootkit is discovered, who can prove where it came from? The IT department re-images the drives and the agent is free to try again later.
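The scenario above, where Jones notices the checksum in the current firmware version is off, is the kind of thing a release-integrity check is meant to surface. The following is an added example, not code from the post or from any vendor: it builds a manifest for a constructed firmware image and shows why an unkeyed checksum (CRC32, even a plain SHA-256) is not enough on its own. An insider with write access to the build tree can recompute those fields after modifying the image; only the keyed tag, whose key lives outside the build tree, refuses to line up. All names (`GOOD_IMAGE`, `RELEASE_KEY`, `build_manifest`, `verify_image`) and values are hypothetical, and the HMAC stands in for the asymmetric signature a real boot ROM would verify.

```python
import hashlib
import hmac
import zlib

# Constructed sample firmware image (not a real image): a fake header plus filler.
GOOD_IMAGE = b"RTRFW\x00\x01" + bytes(range(256)) * 4

# Constructed release key. In a real pipeline the equivalent is a signing key held
# in release engineering's HSM, never checked into the build tree.
RELEASE_KEY = b"constructed-release-key-do-not-use"


def crc32_checksum(image: bytes) -> int:
    """Unkeyed checksum of the kind firmware images commonly carry in their header."""
    return zlib.crc32(image) & 0xFFFFFFFF


def build_manifest(image: bytes, key: bytes) -> dict:
    """Record what the build actually produced: size, CRC32, SHA-256 and a keyed tag."""
    digest = hashlib.sha256(image).hexdigest()
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"size": len(image), "crc32": crc32_checksum(image), "sha256": digest, "tag": tag}


def verify_image(image: bytes, manifest: dict, key: bytes) -> list:
    """Return the names of the checks that failed; an empty list means the image matches."""
    failures = []
    if len(image) != manifest["size"]:
        failures.append("size")
    if crc32_checksum(image) != manifest["crc32"]:
        failures.append("crc32")
    digest = hashlib.sha256(image).hexdigest()
    if digest != manifest["sha256"]:
        failures.append("sha256")
    expected_tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag check itself does not leak via timing.
    if not hmac.compare_digest(expected_tag, manifest["tag"]):
        failures.append("tag")
    return failures


def tamper(image: bytes, offset: int, new_byte: int) -> bytes:
    """Overwrite a single byte, simulating a modified block inside the image."""
    return image[:offset] + bytes([new_byte]) + image[offset + 1:]


def forge_unkeyed_manifest(image: bytes, old_manifest: dict) -> dict:
    """What an insider with repo access can do: recompute every unkeyed field.

    The keyed tag is left untouched because it cannot be recomputed without the
    release key, which is exactly the gap the reviewer ends up noticing.
    """
    forged = dict(old_manifest)
    forged["size"] = len(image)
    forged["crc32"] = crc32_checksum(image)
    forged["sha256"] = hashlib.sha256(image).hexdigest()
    return forged


if __name__ == "__main__":
    manifest = build_manifest(GOOD_IMAGE, RELEASE_KEY)
    print("clean image:", verify_image(GOOD_IMAGE, manifest, RELEASE_KEY))
    modified = tamper(GOOD_IMAGE, 100, 0xFF)
    print("modified, manifest untouched:", verify_image(modified, manifest, RELEASE_KEY))
    print("modified, unkeyed fields recomputed:",
          verify_image(modified, forge_unkeyed_manifest(modified, manifest), RELEASE_KEY))
```

The design point is the separation of duties: the build host that can rewrite the CRC and hash must not also hold the key that produces the tag. With that split, a reviewer comparing the shipped manifest against a fresh verification run sees the tag check fail no matter how carefully the other fields were patched up.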
