Malware Controlling Hardware Is Not A Necessity - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
3/25/2009
03:46 PM
Mike Fratto
Mike Fratto
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Malware Controlling Hardware Is Not A Necessity

The last two weeks have brought us two different attack vectors affecting servers and PC's alike. First Invisible Things Lab's Joanna Rutkowska and Rafal Wojtczuk presented the details of an attack on Intel's System Management Module which lets the malware do whatever it wants and effectively hides from everything else. Meanwhile, An

The last two weeks have brought us two different attack vectors affecting servers and PC's alike. First Invisible Things Lab's Joanna Rutkowska and Rafal Wojtczuk presented the details of an attack on Intel's System Management Module which lets the malware do whatever it wants and effectively hides from everything else. Meanwhile, Anibal Sacco and Alfredo Ortega presented an attack that subverts the BIOS at CanSecWest. Can it get any worse?Well, sure it can. Both of these attack vectors are highly specialized, but Rutkowska did confirm that it's possible to create malware that could discover the necessary parameters carry off an SMM attack rather than having to create specific malware for each motherboard and chipset combination. She's also quick to point out that there are other, easier, and more effective ways to get control of a host.

Conficker is one recent example. Exploiting a known vulnerability for which there is a patch, Conficker continues to spread and according to analysis by SRI continues to evolve and demonstrates the creators ability to adapt and enhance the malware. Conficker is sophisticated, to be sure, but it's no where near the cutting edge exploit that a BIOS update or SMM rootkit is. Yet, Conficker has much more potential.

Both attacks are highly specific and require substantial expertise to become effective. In SMM Rootkits: A New Breed of OS Independent Malware, a paper that Rutkowska references, the authors list number of limitations in making a generalizeable SMM rootkit not the least of which is not having OS driver support to utilize installed hardware.

The research is interesting and the attacks are viable, but given the simpler, easier, more wide spread methods of gaining control of a system, hacking the BIOS or SMM probably isn't big threat.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll