Malicious Hardware Hacking May Be the Next Frontier
An anonymous reader writes "It's a given that hackers will target software, and that's enough for many people to worry about. But now there's the possibility that hackers would hide malicious code in the hardware itself. A hardware hack could be an annoyance, by stopping a mobile phone from functioning. Or it could be more dangerous, if it damages the way a critical system operates. Villasenor says there are several types of attacks. Broadly they would fall into two categories: one is when a block stops a chip from functioning, while the other involves shipping data out."
lolwut? (Score:2, Insightful)
From the title of the summary:
Hardware Hackers May the Next Frontier
May what....MAY WHAT?!?!?!??!?!?!?!??!?! Seriously...what's with the editors around here?
Uhm? (Score:1, Insightful)
[Insert scary possibility] (Score:5, Insightful)
Uhhh... (Score:5, Insightful)
Yeah, THAT sounds practical. The article author watches/reads too much science fiction.
Hardware?? Firmware! (Score:2, Insightful)
Re:Uhhh... (Score:3, Insightful)
Re:Uhhh... (Score:3, Insightful)
Or more importantly, whoever is adding the exploit to begin with obviously knows about the redundancy in hardware, which would be bypassed, in the same hardware if you are exploiting. It would add a false sense of security. This is like having TWO latches on your screen door.
I like open source software just fine, but I'm not preachy about it. However, when we are talking about critical infrastructure, this is a good argument for having the systems much, much more open and in plain view of many, many more eyes.
Re:Hardware is traceable, software is not (Score:3, Insightful)
A good point, except when small businesses try to extract the best value for money in an expensive IT purchase, counterfeit products can be very tempting - whether you know you're buying fake goods or not is irrelevant when the price is cheap. Cheap counterfeits are [arguably] not traceable enough. Check out the Reg article on a recent Cisco raid [theregister.co.uk]
I remember reading another article on the Chinese fakes, where it was said that the only outward difference was the type of screw used. Scary to think that a specially crafted packet (or more likely, sequence of) could destroy the internet :)
Hardware is not all that traceable (Score:2, Insightful)
OK, so how about the recent articles about Dell servers with infected hardware (I think it was in the monitoring firmware?). Is it Dell's fault, the company that did their refurbs/repairs, or what?
How about all the times when a device with USB storage came preloaded with malware. Or how about the Intel CPUs that were actually big chunks of useless metal.
So a third-party steals a chip/board design, makes a clone, and then sneaks it in somewhere along the line. It doesn't have to be at the manufacturer, they just have to replace good hardware with the compromised units.
Hell, how about online sellers in general, many of which are in China, etc. How do you know that the firmware or even hardware of that fancy smartphone you just bought wasn't tampered with?
I see no reason that hardware is much safer than software... especially when loadable is a vulnerable midpoint between the two.
Re:Uhhh... (Score:3, Insightful)
The problem with subverting a single employee in the manufacturing process is that it would be extremely difficult for him to hide his tracks. Let's assume Mr. Smith is paid by the Chinese government to insert a logic block of, say, 2000 gates into a router chip to provide them with a remote shutdown capability. First Smith has to find a place to put it, so he reruns the place-and-route software, or else does some custom polygon-pushing and hopes he doesn't screw up something else in the design. Then he has to run LVS (layout versus schematic) and DRC (design rule check) scans to make sure the chip is manufacturable and that he made no layout or wiring errors. In most modern design teams, where layouts are managed and checked by multiple people before tape-out, this would be nearly impossible for a single employee to get away with.
So, Smith decides to subvert the firmware instead. Again, unless he's the only person who touches the firmware, and the only person who maintains the updates and revisions, he won't be able to get away with it for long. What happens when Smith is transferred to another project, and Jones takes over the firmware maintenance and realizes something is screwy about the checksum in the current version? Not to mention having to outthink the test and verification group - what if they come up with test vectors that reveal his tampering?
If you're going to subvert one guy, you need to subvert lots of them, and I think that's what worries the U.S. government. If the Chinese were willing to spend the money, they could set up a fake company that could operate for years, or recruit an entire Chinese design house from the get-go, building up long-term customer relationships and looking for opportunities to infiltrate enterprise products. This would not be cheap, but it is not without precedent (e.g. the Glomar Explorer). The problem is that it would take only one leak and the entire operation would be blown, and every fab and design house in China would suffer as a result.
It's so much easier to work on the back end using software. Bribe or blackmail someone inside the targeted organization, hand him a USB thumb drive with a rootkit installer, and the job is done in a matter of hours. Even if the rootkit is discovered, who can prove where it came from? The IT department re-images the drives and the agent is free to try again later.
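The post above leans on the idea that a second maintainer would notice "something screwy about the checksum" in a tampered firmware build. The following is an added example (not code from the poster or from any vendor) of the defender-side check that makes that noticing systematic: every firmware image that passes review has its SHA-256 recorded in a manifest, and a deployed image is accepted only if its hash matches the manifest entry. The images, file names and manifest format here are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample images standing in for real firmware files.
# GOOD_IMAGE is the build that passed review; TAMPERED_IMAGE differs by one bit.
GOOD_IMAGE = bytes(range(256)) * 4            # 1024-byte "known-good" image
_tampered = bytearray(GOOD_IMAGE)
_tampered[100] ^= 0x01                        # single-bit modification
TAMPERED_IMAGE = bytes(_tampered)


def sha256_hex(data: bytes) -> str:
    """Cryptographic digest of an image; unlike an additive checksum, a
    one-bit change produces an unrelated digest."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(reviewed_images: dict[str, bytes]) -> dict[str, str]:
    """Record the digest of every image that has been reviewed and approved.
    In practice this manifest would itself be signed and stored out of band."""
    return {name: sha256_hex(blob) for name, blob in reviewed_images.items()}


def verify_image(name: str, data: bytes, manifest: dict[str, str]) -> tuple[bool, str]:
    """Accept a deployed image only if its digest matches the manifest entry."""
    expected = manifest.get(name)
    if expected is None:
        return False, "not in manifest"
    actual = sha256_hex(data)
    # compare_digest avoids leaking which prefix matched; harmless to use here
    if hmac.compare_digest(actual, expected):
        return True, "ok"
    return False, f"hash mismatch: expected {expected[:12]}..., got {actual[:12]}..."


def audit(deployed: dict[str, bytes], manifest: dict[str, str]) -> list[tuple[str, str]]:
    """Run verify_image over every deployed image and return the failures."""
    failures = []
    for name, data in deployed.items():
        ok, reason = verify_image(name, data, manifest)
        if not ok:
            failures.append((name, reason))
    return failures


if __name__ == "__main__":
    manifest = build_manifest({"router-fw-1.2.bin": GOOD_IMAGE})
    deployed = {
        "router-fw-1.2.bin": TAMPERED_IMAGE,    # modified after review
        "router-fw-9.9.bin": GOOD_IMAGE,        # never reviewed at all
    }
    for name, reason in audit(deployed, manifest):
        print(f"REJECT {name}: {reason}")
```

The point of the manifest is that the approval step and the deployment step are separated: whoever alters an image after review cannot also update the recorded digest without access to the manifest, so a second reviewer (the "Jones" in the post) has something concrete to compare against rather than a gut feeling.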