
    Rakshasa: The Untraceable, Undeleteable Hardware Backdoor That Could Already be on Every Gadget you Own

    Hardware backdoors are lethal for three reasons:

    • They can’t be removed by conventional means (antivirus, formatting);
    • They can circumvent other types of security (passwords, encrypted filesystems); and
    • They can be injected at manufacturing time.

    At the Black Hat security conference last week, assembly master and long-time security consultant Jonathan Brossard demonstrated a proof-of-concept hardware backdoor. Called Rakshasa (which are unrighteous spirits in Hindu and Buddhist mythoi), this backdoor is persistent, very hard to detect, portable, and because it’s built using open-source tools (Coreboot, SeaBIOS, and iPXE) it could be used by governments and still grant them plausible deniability.

    To infect a computer with Rakshasa, Coreboot is used to re-flash the BIOS with a SeaBIOS and iPXE bootkit. This bootkit is benign, and because it’s crafted out of legitimate, open-source tools, it’s very hard for anti-malware software to flag it as malicious.

    At boot time, the bootkit fetches malware over the web using an untraceable wireless link if possible (via a hacker parked outside), or HTTPS over the local network. Rakshasa’s malware payload then proceeds to disable the NX (no-execute) bit, remove anti-SMM protections, and disable ASLR (address space layout randomization).

(via Rakshasa: The hardware backdoor that China could embed in every computer | ExtremeTech)
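The quoted article says the backdoor lives in a re-flashed BIOS image rather than on disk, so disk-level tooling never sees it. The defensive counterpart is to compare a dump of the flash chip against a known-good vendor image and locate what changed. The script below is an added example, not code from the article or from Brossard's work; it assumes you already have a golden image and its published SHA-256 (placeholder values are constructed inline here) and a dump of the machine's flash. The dump should come from an external SPI programmer clipped onto the chip, because a compromised BIOS can answer software-initiated reads with a clean copy of itself.

```python
import hashlib
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a firmware image."""
    return hashlib.sha256(data).hexdigest()


def modified_regions(golden: bytes, dumped: bytes, min_gap: int = 16) -> List[Tuple[int, int]]:
    """Return (offset, length) ranges where `dumped` differs from `golden`.

    Runs of differing bytes separated by fewer than `min_gap` identical
    bytes are merged into one region so a patched module shows up as a
    single range rather than dozens of one-byte hits.
    """
    if len(golden) != len(dumped):
        raise ValueError("image sizes differ: %d vs %d" % (len(golden), len(dumped)))
    regions: List[Tuple[int, int]] = []
    start = None
    last_diff = None
    for i, (a, b) in enumerate(zip(golden, dumped)):
        if a == b:
            continue
        if start is None:
            start = i
        elif i - last_diff > min_gap:
            regions.append((start, last_diff - start + 1))
            start = i
        last_diff = i
    if start is not None:
        regions.append((start, last_diff - start + 1))
    return regions


def verify_firmware(golden: bytes, dumped: bytes, golden_sha256: str) -> Dict[str, object]:
    """Check the dump against the golden image.

    First confirms the local golden copy matches the vendor-published hash
    (so a tampered reference cannot mask a tampered dump), then compares
    the dump and reports where it diverges.
    """
    if sha256_hex(golden) != golden_sha256:
        raise ValueError("golden image does not match its published SHA-256; refusing to compare")
    dump_hash = sha256_hex(dumped)
    regions = modified_regions(golden, dumped)
    return {
        "ok": dump_hash == golden_sha256,
        "dump_sha256": dump_hash,
        "modified_regions": regions,
        "modified_bytes": sum(length for _, length in regions),
    }


# Constructed sample data: a 4 KiB synthetic "golden" image and a dump of it
# with a 32-byte region at offset 0x400 overwritten (every byte XORed with
# 0xFF so each one differs). Real images are the vendor's BIOS file and an
# SPI programmer dump; the hash below is derived from the synthetic image,
# not a published vendor value.
GOLDEN = bytes((i * 7) & 0xFF for i in range(4096))
_PATCH = bytes(b ^ 0xFF for b in GOLDEN[0x400:0x420])
DUMPED = GOLDEN[:0x400] + _PATCH + GOLDEN[0x420:]
GOLDEN_SHA256 = sha256_hex(GOLDEN)  # stands in for the vendor-published hash


if __name__ == "__main__":
    report = verify_firmware(GOLDEN, DUMPED, GOLDEN_SHA256)
    print("firmware matches golden image:", report["ok"])
    for offset, length in report["modified_regions"]:
        print("modified region at 0x%06x, %d bytes" % (offset, length))
```

A hash mismatch alone tells you the image was touched; the region list tells you where, which is what you need to map the change onto the image's volume layout and decide whether it is a legitimate vendor update or an unexpected boot-stage module.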


    2. joshbyard posted this