Slashdot Mirror


Rootkit Could Hide In PCI Cards

Reverse Gear writes "SecurityFocus has an interesting article about a paper published on the possibility of hiding a rootkit in different PCI cards and having the rootkit survive a reboot or cleansing of the hard disk. It seems though that the author of the article doesn't think this would be abused frequently. From the article and paper: '(Because) enough people do not regularly apply security patches to Windows and do not run anti-virus software, there is little immediate need for malware authors to turn to these techniques as a means of deeper compromise.'"

9 of 134 comments

  1. Computers are at their hearts.... by DoraLives · · Score: 2, Insightful

    ....fundamentally flawed devices.

    Kinda like the people who build and operate them.

    --
    Is it fascism yet?
  2. Not needed, thanks by dryriver · · Score: 2, Insightful

    Sony's already figured out how to hide rootkits on Audio CDs.

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
  3. not sure what I think about this by Pompatus · · Score: 3, Insightful

    Moreover, computers that use the Trusted Computing Module to protect the boot process will be immune to this type of rootkit compromise, he wrote.

    So basically, this is a well disguised reason to implement the latest Windows DRM

    --

    ----
    Squirrel ... It's not just for breakfast anymore
    1. Re:not sure what I think about this by empaler · · Score: 3, Insightful

      Trusted Computing isn't bad, per se. It's what it is used for.
      I'd love to have uncompromisable equipment.
      Think of it this way; you have a box standing around, just serving. An exploit is found that allows arbitrary code runs, and the particular individual (not a bot) running the arbitrary code scans the hardware, checks it against a list of exploitable units, pulls up the "fix" he needs for that piece of hardware, and bam, you're screwed.
      With TC, you could at least be warned that the equipment is compromised. If you had installed an "unsupported" FW-update to your CD-ROM drive, well, you'd at least know why, but why is the sound card all of a sudden untrustworthy? It seems to work fine...
      But, of course, the emphasis on Trusted Computing isn't end-user security but revenue-stream security. Hooray.

    2. Re:not sure what I think about this by Dunbal · · Score: 3, Insightful

      Read what it says:

      will be immune to this type of rootkit compromise

      However the joy of "Trusted Computing" is that when someone finally DOES find a way to crack it, you'll never know and/or never be able to DO anything about it, apart from throw your computer in the trash.

      --
      Seven puppies were harmed during the making of this post.
  4. USgovt ... think counterfeit measures by emptybody · · Score: 2, Insightful

    remember the anti-counterfeiting measures that were secreted into printers?
    what is to stop the Govt from having its own rootkit added to hardware?
    they would have the ultimate supercomputer just waiting for their use.

    --
    comment directly in my journal
  5. Re:I disagree on this remark: by 4e617474 · · Score: 5, Insightful

    Actually, it nagged me enough about software piracy that I switched to Linux.

    --
    Finally modding someone offtopic when they rant about what "Begging the Question" means: priceless.
  6. Non-story? by sm62704 · · Score: 2, Insightful

    I'm not a security professional, nor do I consider myself a hacker in the modern sense (old school maybe; I know how to use a soldering iron) but this seems so damned obvious I can't figure out why Security Focus would print it except for the fact that Norton is only in the paranoia business these days.

    Of COURSE you could put a rootkit in a PCI card. It would have to be done at the factory, even if the "factory" is in Joe's basement and Joe is selling cards to his friends.

    Or Joe could sell PCs with his homemade card installed already.

    This is a big "duh". The article should have been "how to protect yourself against a rootkit in a PCI card". Obviously, your antispyware and antivirus software wouldn't have a ghost of a chance of finding it.

    I would consider the possibility of a PCI card rootkit very low until Sony put rootkits on audio CDs, ruined a bunch of computers (mine included when my daughter played an infected audio CD she bought at the now out of business record store she worked at).

    I personally am on a lifelong Sony boycott because of it, both hardware and software, but a one man boycott does nothing but ease my paranoia. I would EXPECT hardware from Sony to contain malware, and everyone else should too since their rootkit didn't cost them anything but one man's business. Now I wonder if the 42 inch flat screen Trinitron I bought a few years ago has a rootkit? No matter, I don't have cable and really don't care if anybody knows what I'm watching.

    I'd be very interested in finding out how one could protect themselves against a hardware rootkit?

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  7. Re:Dupe from a year ago. by sm62704 · · Score: 3, Insightful

    So it's entirely plausible that Sony actually did try to implement this because at the time they had not yet learned how bad aggressive DRM was going to be for their business

    Huh? They lost my business, maybe a few other nerds, but I don't see them in chapter 13, 11, or 7. I didn't see anyone go to jail or even fired for it. In fact, I don't see where they suffered one tiny bit. "He he, we got caught this time. Next time we'll be more careful!"

    As will the other slimy, evil multinationals.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest