AS IF computer viruses and worms aren’t enough of a nuisance, malicious hardware, which will be much more difficult to detect, could soon become a threat too.
Today, computer viruses, which are programs downloaded either as an email attachment or when someone visits a website, are responsible for most computer attacks. Hackers use them to gain control of a computer so that they can press-gang it into sending spam or downloading more malicious software, such as a keystroke logger, which can record credit card details and passwords typed in by the user.
Anti-virus (AV) software monitors a computer for signs of a virus, such as chunks of telltale code. To fight back, hackers write new viruses that use different code, or bury the code deeper in the operating system where the AV software isn’t programmed to look. So AV firms and hackers are locked in an arms race, continually trying to outdo each other.
Soon hackers could up the ante even further. Samuel King and colleagues at the University of Illinois at Urbana-Champaign have shown that they could also gain control of a computer by adding malicious circuits to its processor. Because these circuits interfere with the computer at a deeper level than a virus, they effectively operate ‘below the radar’ of AV software.
To evaluate the risk from such hardware, King’s team designed their own malicious circuits. They used a processor called a field programmable gate array (FPGA), whose logic circuits can be rearranged, to create a replica of an existing open source processor called Leon3, which contains around 1.7 million circuits. They then added about 1000 malicious circuits not present in Leon3.
The team found that the circuits allowed them to bypass security controls on Leon3 in a similar way to how a virus hands control of a computer to a hacker, but without requiring a flaw in a software application. When they hooked the FPGA up to another computer, they were able to steal passwords stored in its memory and install malicious software that would allow the operating system it was running to be remotely controlled. “Once you have this mechanism in place, you can do whatever you want,” says King, who presented the work at the Large-Scale Exploits and Emergent Threats conference in San Francisco last month.
Sneaking malicious hardware onto a chip is not as easy as installing a virus. The attacker must either have access to a chip during its design or manufacture, or be capable of manufacturing their own chips, which they would then have to sell to computer makers, or slip into computers during assembly. “It’s not something someone would carry out on weekends,” says King.
Nonetheless, computer scientist Simha Sethumadhavan of Columbia University in New York says that chips and their design processes are becoming more complex, making it easier for a hacker to infiltrate. Recently, some Apple iPods and Seagate hard drives were found to have been sold with viruses pre-installed, demonstrating their vulnerability, says King.
###
New Scientist: http://www.newscientist.com/ Article found using EurekAlert!, a service of AAAS.
This article has been viewed 371 time(s).
 |
 Digg |
 FarkIt |
 |
 StumbleUpon |
 del.icio.us |
 |
Computer scientists from the University of California, San Diego broke "the terabyte barrier" – and a world record – when they sorted more than one terabyte of data (1,000 gigabytes or 1 million megabytes) in just 60 seconds. During this 2010 "Sort Benchmark" competition – the "World Cup of data sorting" – the computer scientists also tied a world record for fastest data sorting rate.
A research group led by computer scientists at the UCLA Henry Samueli School of Engineering and Applied Science has proved that cryptography — the practice and study of hiding information — that is based solely on physical location is possible by using quantum mechanics.
Google it. That's what many college students do when asked to read an excerpt of a play for class, write a resume or find the e-mail address of a politician.
Thousands of people around the world have died in train wrecks caused by natural disasters. In 2004, the tsunami in Southeast Asia derailed a Sri Lankan train, killing 1,700 people. But with modern advances, these tragedies can be avoided ― and a Tel Aviv University researcher, working in collaboration with teams from seven countries, is leading the way.
Researchers have shown that an advanced cooling technology being developed for high-power electronics in military and automotive systems is capable of handling roughly 10 times the heat generated by conventional computer chips.
To many big companies, you aren't just a customer, but are described by multiple "dimensions" of information within a computer database. Now, a University of Utah computer scientist has devised a new method for simpler, faster "data mining," or extracting and analyzing massive amounts of such data.
A new approach to processing X-ray data could lower by a factor of ten or more the amount of radiation patients receive during cone beam CT scans, report researchers from the University of California, San Diego.
As physician-guided robots routinely operate on patients at most major hospitals, the next generation robot could eliminate a surprising element from that scenario -- the doctor.