Friday, November 26, 2010

Network card based rootkits (The Rootkit Game Changer)

Guillaume Delugré, a security engineer for a French security firm has been able to create a working hardware based rootkit within the firmware of a NIC using only publicly available documentation on the internet.

Read the article here: http://www.theregister.co.uk/2010/11/23/network_card_rootkit

This will allow "The Bad Guys" an entry way to a device that doesn't have code living on the operating system itself. This completely renders any anti-malware/rootkit software utterly useless since this software is only looking on the operating system itself. You can format the machine as much as you like, but this rootkit's here to stay.

Speaking with a well known Information Security expert 2 weeks ago on this very subject he seemed very unconcerned with the possibility that hardware based rootkits would become a threat in the near future. I wonder if he's changed his mind after seeing this news.

Since the majority of all hardware is made over seas in countries like Taiwan, whats to stop someone or some organization implementing code into this hardware that will essentially give them complete control over hardware they sell?

Albeit its probably not good for business if this was to be found (Google "SONY Rootkit"), but what about a rouge group that's working within one of these companies? We've already seen digital signatures stolen out of Taiwan to be used in Stuxnet.

This is not out of the realm of possibility.

No comments:

Post a Comment