Public Release: 

Hackers learn to threaten computer hardware

New Scientist

AS IF computer viruses and worms aren't enough of a nuisance, malicious hardware, which will be much more difficult to detect, could soon become a threat too.

Today, computer viruses, which are programs downloaded either as an email attachment or when someone visits a website, are responsible for most computer attacks. Hackers use them to gain control of a computer so that they can press-gang it into sending spam or downloading more malicious software, such as a keystroke logger, which can record credit card details and passwords typed in by the user.

Anti-virus (AV) software monitors a computer for signs of a virus, such as chunks of telltale code. To fight back, hackers write new viruses that use different code, or bury the code deeper in the operating system where the AV software isn't programmed to look. So AV firms and hackers are locked in an arms race, continually trying to outdo each other.

Soon hackers could up the ante even further. Samuel King and colleagues at the University of Illinois at Urbana-Champaign have shown that they could also gain control of a computer by adding malicious circuits to its processor. Because these circuits interfere with the computer at a deeper level than a virus, they effectively operate 'below the radar' of AV software.

To evaluate the risk from such hardware, King's team designed their own malicious circuits. They used a processor called a field programmable gate array (FPGA), whose logic circuits can be rearranged, to create a replica of an existing open source processor called Leon3, which contains around 1.7 million circuits. They then added about 1000 malicious circuits not present in Leon3.

The team found that the circuits allowed them to bypass security controls on Leon3 in a similar way to how a virus hands control of a computer to a hacker, but without requiring a flaw in a software application. When they hooked the FPGA up to another computer, they were able to steal passwords stored in its memory and install malicious software that would allow the operating system it was running to be remotely controlled. "Once you have this mechanism in place, you can do whatever you want," says King, who presented the work at the Large-Scale Exploits and Emergent Threats conference in San Francisco last month.

Sneaking malicious hardware onto a chip is not as easy as installing a virus. The attacker must either have access to a chip during its design or manufacture, or be capable of manufacturing their own chips, which they would then have to sell to computer makers, or slip into computers during assembly. "It's not something someone would carry out on weekends," says King.

Nonetheless, computer scientist Simha Sethumadhavan of Columbia University in New York says that chips and their design processes are becoming more complex, making it easier for a hacker to infiltrate. Recently, some Apple iPods and Seagate hard drives were found to have been sold with viruses pre-installed, demonstrating their vulnerability, says King.

###

New Scientist reporter: Mason Inman

IF REPORTING ON THIS STORY, PLEASE MENTION NEW SCIENTIST AS THE SOURCE AND, IF REPORTING ONLINE, PLEASE CARRY A LINK TO: http://www.newscientist.com

UK CONTACT - Claire Bowles, New Scientist Press Office, London:
Tel: +44(0)20 7611 1274 or email claire.bowles@rbi.co.uk

US CONTACT - New Scientist Boston office:
Tel: +1 617 386 2190 or email j.heselton@elsevier.com

"This article is posted on this site to give advance access to other authorised media who may wish to report on this story, or quote extracts as part of fair dealing with this copyrighted material. Full attribution is required, and if reporting online a link to www.newscientist.com is also required. This story posted here is the EXACT text used in New Scientist magazine, therefore advance permission is required before any and every reproduction of each article in full. Please contact claire.bowles@rbi.co.uk. Please note that all material is copyright of Reed Business Information Limited and we reserve the right to take such action as we consider appropriate to protect such copyright."

THIS ARTICLE APPEARS IN NEW SCIENTIST MAGAZINE ISSUE: 3 MAY 2008.
EMBARGOED UNTIL WED, 30 APRIL 2008, 13:00 HRS EDT (18:00 HRS BST)

EDITOR'S NOTE: PRIOR PERMISSION IS REQUIRED BEFORE ANY REPRODUCTION OF THIS STORY IN FULL

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.