None of this likely matters to you unless youre a nation state. Or the subject of intense interest on the part of very smart hackers who have a keen interest in subverting your systems, for purposes of espionage, say, or perhaps destruction of your countrys security infrastructure. If you are, you should know that Rutkowskas trick is considered cool because the hardware itself cant tell its being subverted, since it cant read the registers that are actually subverting it.Heres the scary part, particularly for digital forensics investigators: Even if you can tell somebodys pulling a Rutkowska hack on your hardware, theres absolutely nothing you can do about it. "Even if you knew you were being shipped somewhere else in memory, you couldnt do anything about it because she was setting in the register a lock bit. The whole purpose of memory acquisition is to see whats running. If a lock bit is set, the only way to read is by rebooting. So everything in memory is now gone." So thats hardware myth No. 1 demolished. John Heasman, director of research at NGSS, took care of the rootkit reimaging myth with a little thing he called firmware rootkits. The current state of application security, Heasman said during his briefing, is in general getting a lot better. The problem is that those applications are running on increasingly complex hardware distributed in multiple waysmultiprocessor machines, for example, with a number of devices in them, each device having its own hard drive and its own storage. "Unless we address hardware security, were leaving an interesting area of attack," he said. Current rootkit detection tools consider only the PCs disk. "But many devices have firmware," Heasman pointed out. "Even your battery has firmware [i.e., software that is embedded in a hardware device], and you can update it from the operating system." Click here to read about five hackers who left a mark in 2006. Firmware is a ripe target for rootkit exploitation because its practically ignored, Heasman said. "Consider each and every machine on your network," he said during the demonstration. "Typically in a well-managed network, admins will be aware of every machine on that network and what its running. But can they tell me exactly what PCI devices are available on every machine on the network? Network cards, graphics cards? And where did those graphics cards come from? Which manufacturer? What exchanged trust from that manufacturer to your network? "Which of these cards are flashable [i.e., allow for firmware updates]? Not all are. If you know which ones are flashable, what firmware do you have on each device? How can you trust the integrity of that firmware? Do you trust in it? Did you audit it yourselves? Did you download it from a random Web site, from the manufacturers site? Did they provide a signature? Did you verify the signature?" In most cases, Heasman said, the answer is "I dont know." "By and large, I would imagine most corporations dont have this information at hand," he said. Heasman chose to persist a rootkit on a PCI device containing a flashable expansion ROM. At the present time, how to detect and prevent such an attack isnt understood when the system in question doesnt contain a TPM (Trusted Platform Module). "My thinking is if you can get a rootkit into an environment where they reimage the system daily, as in some secure systems, we could still survive," Heasman said in an interview with eWEEK. "There are no tools in pub domain that would detect that." Heasman went on to demonstrate the abuse of PXE, the Preboot Environment developed by Intel as part of is "Wired for Management" initiative. For now, suffice it to say that no evidence has been found to suggest that malwares using his technique. "Its dubious as to whether it ever will be exploited by malware," he said, given how easy it is to compromise home users machines. "As long as that remains, theres no reason to develop something that gives you firmware control." But after Black Hat, we now know that it can be done, just one more shattering of a hardware misconception.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
"These hardware devices can request an address and range they want to read," Mandiants Butler said. "They cant read hardware on the chip set. They dont know theyre being sent somewhere else. She said you can definitely be subverted if youre only hardware, and definitely if youre only software, and if you combine the two, you can maybe be subverted because you can perhaps read registries and tell youre being shipped somewhere else."