Hardware Rookits

Eweek.com | March 1, 2007

At the Black Hat Briefings here on Jan. 28, two breakthrough hardware hacks were demonstrated. One shocker was Coseinc Senior Security Researcher Joanna Rutkowska’s demonstration of a way to subvert system memory through software—in essence, the shattering of our long-held belief that “going to hardware” to secure incident response is a security failsafe.

Security professionals at the show called it the “attainment of the holy grail,” particularly since the only way to fix the system’s memory corruption is to reboot—thus erasing all tracks of the subversion.

Hardware heresy didn’t stop there. John Heasman from NGSS (Next Generation Security Software) proved that rootkits can persist on a device—on firmware—rather than on disk, and can thus survive a machine being reimaged. Even reformatting won’t save us these days.

These hacks are esoteric, but they’re proving that much of what we thought of as hardware unassailability is pure folklore.

Did anyone else just feel that chill up your spine?

Leave a Reply