Hackers learn to threaten computer hardware
AS IF computer viruses and worms aren’t enough of a nuisance, malicious hardware, which will be much more difficult to detect, could soon become a threat too. Today, computer viruses, which are programs downloaded either as an email attachment or when someone visits a website, are responsible for most computer attacks. Hackers use them to gain control of a computer so that they can press-gang it into sending spam or downloading more malicious software, such as a keystroke logger, which can record credit card details and passwords typed in by the user.
Anti-virus (AV) software monitors a computer for signs of a virus, such as chunks of telltale code. To fight back, hackers write new viruses that use different code, or bury the code deeper in the operating system where the AV software isn’t programmed to look. So AV firms and hackers are locked in an arms race, continually trying to outdo each other.
Soon hackers could up the ante even further. Samuel King and colleagues at the University of Illinois at Urbana-Champaign have shown that they could also gain control of a computer by adding malicious circuits to its processor. Because these circuits interfere with the computer at a deeper level than a virus, they effectively operate ‘below the radar’ of AV software.
To evaluate the risk from such hardware, King’s team designed their own malicious circuits. They used a processor called a field programmable gate array (FPGA), whose logic circuits can be rearranged, to create a replica of an existing open source processor called Leon3, which contains around 1.7 million circuits. They then added about 1000 malicious circuits not present in Leon3.
The team found that the circuits allowed them to bypass security controls on Leon3 in a similar way to how a virus hands control of a computer to a hacker, but without requiring a flaw in a software application. When they hooked the FPGA up to another computer, they were able to steal passwords stored in its memory and install malicious software that would allow the operating system it was running to be remotely controlled. “Once you have this mechanism in place, you can do whatever you want,” says King, who presented the work at the Large-Scale Exploits and Emergent Threats conference in San Francisco last month.
Sneaking malicious hardware onto a chip is not as easy as installing a virus. The attacker must either have access to a chip during its design or manufacture, or be capable of manufacturing their own chips, which they would then have to sell to computer makers, or slip into computers during assembly. “It’s not something someone would carry out on weekends,” says King.
Nonetheless, computer scientist Simha Sethumadhavan of Columbia University in New York says that chips and their design processes are becoming more complex, making it easier for a hacker to infiltrate. Recently, some Apple iPods and Seagate hard drives were found to have been sold with viruses pre-installed, demonstrating their vulnerability, says King.