[Year 12 SofDev] "The most demonically clever computer security attack I’ve seen in years"
Mark
mark at vceit.com
Thu Jun 2 13:36:32 AEST 2016
"SECURITY FLAWS IN software can be tough to find. Purposefully planted
ones—hidden backdoors created by spies or saboteurs—are often even
stealthier. Now imagine a backdoor planted not in an application, or deep
in an operating system, but even deeper, in the hardware of the processor
that runs a computer. And now imagine that silicon backdoor is invisible
not only to the computer’s software, but even to the chip’s designer, who
has no idea that it was added by the chip’s manufacturer, likely in some
farflung Chinese factory. And that it’s a single component hidden among
hundreds of millions or billions. And that each one of those components is
less than a thousandth of the width of a human hair.
"In fact, researchers at the University of Michigan haven’t just imagined
that computer security nightmare; they’ve built and proved it works. In a
study that won the “best paper” award at last week’s IEEE Symposium on
Privacy and Security, they detailed the creation of an insidious,
microscopic hardware backdoor proof-of-concept. And they showed that by
running a series of seemingly innocuous commands on their minutely
sabotaged processor, a hacker could reliably trigger a feature of the chip
that gives them full access to the operating system. Most disturbingly,
they write, that microscopic hardware backdoor wouldn’t be caught by
practically any modern method of hardware security analysis, and could be
planted by a single employee of a chip factory.
“Detecting this with current techniques would be very, very challenging if
not impossible,” says Todd Austin, one of the computer science professors
at the University of Michigan who led the research. “It’s a needle in a
mountain-sized haystack.” Or as Google engineer Yonatan Zunger wrote after
reading the paper: “This is the most demonically clever computer security
attack I’ve seen in years.”
Read more -
https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/
--
Mark Kelly
mark at vceit.com
http://vceit.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/sofdev/attachments/20160602/535e3c03/attachment.html
More information about the sofdev
mailing list