Malicious Microprocessor Opens New Doors For Attack

[Saint_Michael 3]

Since hacking became the power house for the criminal underground, the one thing that most hackers didn't have was the hardware knowledge to reengineer the hardware to the point that regardless what they user did the computer would remain open to attacks. Yesterday the first step was taken to actually hack computer hardware to be completely open to attacks as a team from the University of Illinois took an altered computer chip in which it would grant back-door access to a computer and attackers could unleash their havoc.

This is a the gist of what they did to make this possible:

To launch its attack, the team used a special programmable processor running the Linux operating system. The chip was programmed to inject malicious firmware into the chip's memory, which then allows an attacker to log into the machine as if he were a legitimate user. To reprogram the chip, researchers needed to alter only a tiny fraction of the processor circuits. They changed 1,341 logic gates on a chip that has more than 1 million of these gates in total, said Samuel King, an assistant professor in the university's computer science department.

I maybe good in computers, but to do something like that you need great computer engineering skills to pull that off, and with that being said this could lead the way into actually hacking computer hardware and no longer needing to hack software to get into a computer. What is scary enough they did it off a linux machine, and in a post made on linux AV software it was mentioned you need root access to alter anything, and what would be best to get root access then through the hardware. Now it will take a while to refine this hack, but I don't think it would be very cost effective for the hackers, just because they would have to have access to a chip facotry, or be a computer repairer in order to plant the hack chips into the hard ware.


Although it seems possible to hack the hardware it seems impractical just because of what a person would have to do in order to do this correctly, but give it time I guess.

SOURCE

[shadowx 0]

interesting, that must be a mighty fine touch those guys have, can't be an easy thing to do. However i think ordinary desktop users like us are well out of the sights of anyone capable of doing this. I think the targets really are big corporations, maybe the MOD, and banks etc... A hacker could pull a social engineering stunt to get himself in as an elite computer repair bloke, take the "hard drive" *wink wink* out for "repair" and insert a nicely modified CPU without touching the hard drive, wire himself into the backdoor and he has access to millions of bank account details, and if he was really good the entire missile reserves or a large country. Far fetched but possible given the fact this attack is virtually unstoppable at the AV/firewall level and only really preventable by physically locking the machines case shut and putting superglue in the locks.turns the whole computer into the perfect trojan horse, perfectly useful on the outside, deadly on the inside

[Galahad 0]

This is a scary thought... Now, being that they reprogrammed that LEON microprocessor, I'm hoping they can't do it with conventional Intels and AMDs, but... There's always a but... In my oppinion, one doesn't have to reprogramm the CPU... I recon it could be easily accomplished with reprogramming the BIOS, to allow certain types of access... then again, I might be wrong...I suppose this will be a great time to start working on some sort of a hardware that will protect the CPU, like hardcoded hash values of some sort, stored in some other part of the computer, that would alert the user that the CPU is changed...Luckuliy, as shadowx mentioned, primary target would be large servers and companies, governments and such... But, they all do contain sensitive data about us, especially the governemnts... And for example, in my country, there is little care given to some governmental branch computers, like the registry office... And they have all of our data... come to think of it, why would anyone want to have access to my computer? I don't have anything of interest in my computer, no CC numbers, no sensitive info... The real threat is to large corporations, and governmental offices, I think... Hopefully, these masterminds will think of a way to protect microprocessors from such tampering...