Malware Now Hiding In Graphics Cards 125
mask.of.sanity writes "Researchers are closing in on a means to detect previously undetectable stealthy malware that resides in peripherals like graphics and network cards. The malware was developed by the same researchers and targeted host runtime memory using direct memory access provided to hardware devices. They said the malware was a 'highly critical threat to system security and integrity' and could not be detected by any operating system."
Old news and Prior Art. (Score:2, Interesting)
Interesting that security researchers are JUST NOW thinking about this. I was on an flight from San Diego to Japan back around 2005, seated next to a gentleman on his way to a computer conference - I believe it was HITB, and either Dubai or Malaysia - and we were chatting about the inevitability of computer virus exploits being used to co-opt hardware instead of operating systems. He had recently developed a way to suborn the Nvidia Geforce bios update process by presenting the card with a working update that contained arbitrary code. Once loaded into the BIOS, the update version number was far beyond any possible build number - so it could not be removed except by either replacing the card or by replacing the BIOS chip. If I remember correctly, the gentleman who I was talking to was rather interested in my mentioning that the most beneficial place to install similar software would be a networking card, as the network card could "listen" for command and control signals without the interference of the operating system or any security software - kind of an "outside the tripwire" situation.
create your own payloads (Score:5, Interesting)
network cards can create magical endpoints from thin air without having to send or receive any packets
or they can look for a specific pattern in a packet and ship its contents to a preordained destination
don't try to think about what they cannot do, think about what they can do, it's frightening
Nothing new here (Score:3, Interesting)
I remember a "dinosaur" telling me about an S/390 "virus" in my youth. It was written to infect the disk, drum, and tape controllers, and to replicate itself to any uninfected devices in the system.
It was relatively harmless. It would periodically pop up a console message like "I want a cookie.", and lock up the system until the operator typed in "cookie".
However, apparently the only way to purge the thing was to replace all the hardware controllers at the same time.
Whether true or not, I do not know. But it's the oldest "virus" story I've ever heard -- it was told to me way back in the 80s.