"Malicious circuits" could embed malware directly into hardware
Thu May 8, 2008 10:54AM EDT
See Comments (10)
You thought you had your hands full with spam and your garden-variety software viruses, eh? Well, hang on to your seat: A new type of threat is just now being tinkered with in research labs. Called "malicious circuits," the new potential threat involves designing (or surreptitiously redesigning) microchips that can perform evil deeds without having to rely on software being installed on a computer.
If it sounds theoretical and far-fetched, think again: It's already possible, and it's been proven on a microchip called Leon3. Leon3 is an open-source chip design containing 1.7 million circuits. Because it's open source, anyone with the knowhow and the inclination can contribute to the design of the chip. As a proof of concept, researchers at the University of Illinois at Urbana Champaign took the chip design and modified it through the addition of just 1,341 logic gates, a pittance compared to the overall size of the chip. Those changes give an attacker three ways to compromise the system, including a backdoor that would give anyone with the knowledge of the hack complete access to the system and another that would allow theft of any password as it's typed on the machine.
The really scary thing is that, since the attack lives in hardware, not software, it's virtually impossible to detect. For example, antivirus software can only scan your computer for active processes that are outside the realm of normal operation. But a malicious circuit requires no software, existing at such a low level as to make defense against it far more difficult. It's the computer equivalent of a double agent who's been living in deep cover for 20 years.
Because the knowledge and effort involved in such an attack is so extreme vs. that of a software-based attack, malicious circuits aren't likely to be a major threat for the average user, but the potential danger here is real. All it would take is for one designer to target a popular chip design, then lay low as it's shipped into the industry. Imagine what might happen if an Intel CPU was compromised. Highly unlikely, sure, but devastating if it ever came to pass.
Top 5 Posts
More About Desktops
Comments on "Malicious circuits" could embed malware directly into hardware
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
2 Posted by rogueist on Thu Sep 3, 2009 8:49PM EDT Report Abuse
It's been done many many many times before in the past, and is such a problem that the DoD requires that major chip components be manufactured on US soil only today.
-
3 Posted by allita@sbcglobal.net on Thu Sep 3, 2009 2:51PM EDT Report Abuse
What do you
-
4 Posted by alan_r_cam on Thu Sep 3, 2009 2:49PM EDT Report Abuse
rogueist, are you saying that Intel must shut down all the manufacturing plants in Ireland ?
-
5 Posted by agustin2489 on Thu Sep 3, 2009 2:47PM EDT Report Abuse
My, my rogueist. I don't think I'm blunt in saying that you troll, sir. You troll. Anyway, I remember thinking about this the other day. I just thought that methods of detection were much easier to use. I don't think the home user would find malicious circuits in their computers (unless the manufacturer puts them in without their consent, etc). No, I find this more likely in settings of corporate espionage.
Sponsored Links
My Tech
Please enable your browser's cookies to activate the My Tech column.
Also on Yahoo! Tech
| Computers | Home Office | Wi-Fi & Networking | Phones & PDAs | Cameras & Camcorders | TV & Home Theater | Portable Audio |
|---|---|---|---|---|---|---|
1 Posted by miller6994 on Thu Sep 3, 2009 7:20PM EDT Report Abuse
Sure the virus and malware slime are out there in the software realm, but in the firmware realm there is an implied trust. If that were to go away then we are all screwed.