Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dell Ships Infected Motherboards

Posted by CmdrTaco on from the scanners-do-nothing dept.

An anonymous reader writes "Computer maker Dell is warning that some of its server motherboards have been delivered to customers carrying an unwanted extra: computer malware. It could be confirmation that the 'hardware trojans' long posited by some security experts are indeed a real threat."

12 of 326 comments (clear)

  1. It's not a hardware trojan by lseltzer · · Score: 5, Insightful

    It's firmware, meaning software in a ROM. It's only slightly unconventional.

    And they say it's only on motherboards sent out as replacements. Interesting, you would think this would make it fairly easy to identify the source.

    1. Re:It's not a hardware trojan by Lumpy · · Score: 5, Interesting

      Incorrect. It's firmware, meaning it's software in a FLASH or EEPROM on rare occasions. That means it can be re-written by applications that know how to talk to it. Writing to a FLASH is not hard or a secret, in fact I wrote a self destruct years ago to screw with a kid that kept trying to break into our dial up server. It was called "Router Passwords.exe" and it simply tried to write FF FF FF to the beginning of the Bios flash chip for several different common motherboards.

      it worked, the kid never tried to connect again after he downloaded that bomb.

      If it was a ROM, my trick would not work as you can not update or write to ROM's.

      --
      Do not look at laser with remaining good eye.
  2. Bad Article by Co0Ps · · Score: 5, Informative
    From TFA:

    This malware code has been detected on the embedded server management firmware.

    Firmware != Hardware It would have been impressive if it was a real hardware virus though e.g. some malicious chip that opens a backdoor on the network cards and allows remote code execution.

  3. What did you expect? by Chas · · Score: 5, Insightful

    Basically the entire computer's assembled in a sweatshop by barely literate people who are being paid jack-shit to assemble a "rich-boy toy" for some perceived fat cat in the US who sleeps on piles of money.

    How the hell would they know if someone decided to pull a dick move like this?
    And for what they're being *COUGH*paid*COUGH*, why the hell would they even care?

    --


    Chas - The one, the only.
    THANK GOD!!!
    1. Re:What did you expect? by Elbowgeek · · Score: 5, Insightful

      You do raise a good point. *We* the consumer have demanded the cheap prices of the hardware we buy, thus squeezing the profit margins of companies like Dell. Thus Dell is forced to outsource their firmware development and manufacture to China with too little oversight, leaving greater opportunity for exploitation by those with malicious intent.

      --
      Who is this delectable creature with an insatiable love of the dead?
    2. Re:What did you expect? by Waffle+Iron · · Score: 5, Insightful

      The next time a WalMart shopper complains about job outsourcing, offer to show them the cause of the problem and hand them a mirror.

      The problem is that the "global free market" is a multi-player version of the Prisoner's Dilemma game. It's been proven that in absence of communication between the players, the rational choice in this game is to always "defect". In this case, it means buying cheap imported crap at Wal Mart. If you don't defect, most others continue to do so, and you just end up being a sucker.

      Complaining about individuals' choices is going to accomplish nothing, because they're all making the most rational individual decisions. The only way to change the situation is to include the external costs of cheap offshore production into the retail price, which alters the individual's most rational choice. The most obvious way to do that is slap a tariff on the goods.

  4. To paraphrase Ghostbusters by MonsterTrimble · · Score: 5, Interesting

    I have not studied computer science, firmware trojans nor antivirus. Could someone explain to me:
    1) How do firmware trojans work?
    2) Are they OS independent?
    3) What information can they send and/or damage can they do to a system?

    --
    I call it 'The Aristocrats'
    1. Re:To paraphrase Ghostbusters by snadrus · · Score: 5, Informative

      Think embedded keylogger that sends results somewhere online for starters.
      Although it could be as advanced as a router that's been taken over and allow full remote access to the intranet the PC has. That way all the complex theft software is external.
      And ofcourse it could monitor activity & brick the motherboard if someone was trying to detect it.

      --
      Science & open-source build trust from peer review. Learn systems you can trust.
  5. Re:Wow, Dell... by gorzek · · Score: 5, Interesting

    Just because you have a third party manufacture your hardware doesn't mean you shouldn't do your own QA. After all, it's your reputation on the line, not that of the nameless sweatshop contractor.

    So, yeah, this is thoroughly Dell's fault for not caring about their brand or reputation.

    --
    Check out my world simulator thingy.
  6. Re:why spend millions when you can spend billions? by roman_mir · · Score: 5, Insightful

    Ken Thompson would show you how you'd fail in this anyway. You'd THINK you flashed the chips, but there would be some other code somewhere in the chip that would contain a Trojan. Unless you are in the loop 100% of the time and nobody can inject any modifications into any manufacturing processes, you can't be certain that nothing at all was modified.

    --
    You can't handle the truth.
  7. I like where this is going. by boneclinkz · · Score: 5, Funny

    **This call may be monitored for quality assurance purposes.**

    Customer: Hi, my computer won't POST.

    Steve (Samir): Okay, sir, first we must try a few things. Is the machine currently plugged in?

    **3 hours later**

    Steve: Sir, the problem appears to be a faulty motherboard. Unfortunately your system is out of warranty. Luckily, while the system was operational, our integrated key-logger was able to pull your shipping address and credit card numbers. We have billed you for a replacement system and it should be there in 3-5 business days. Someone will need to sign for it, perhaps your oldest daughter. Justine is turning into a fine looking young-lady, by the way.

  8. SW/HW Malware by Killer+Instinct · · Score: 5, Funny

    Its not bad enough they ship with windows ?

    --
    #include bier;