Researchers design "malicious circuits," warn of potential risk
By Donald Melanson 
posted May 1st 2008 2:45PM
posted May 1st 2008 2:45PM
We've already seen a few viruses delivered via hardware, but a group of researchers from University of Illinois at Urbana-Champaign are now warning that we may not have seen anything yet. As New Scientist reports, they've apparently managed to develop their own "malicious circuits," which they say can interfere with a computer at a deeper level than a virus, and completely bypass traditional anti-virus software. To accomplish that slightly unsettling feat, the researchers created a replica of the open source Leon3 processor, and added about 1,000 malicious circuits not present in the original processor. Once they hooked that up to another computer they were apparently not only able to swipe passwords from memory, but install malware that would allow the operating system to be remotely controlled as well. Of course, they admit that sneaking such malicious circuits onto a chip isn't exactly an easy proposition, given that someone would either need to have access to a chip during its manufacturing process, or have the ability to manufacture their own. Or, as the project's lead researcher puts it, it's "not something someone would carry out on weekends."[Via TG Daily, image courtesy Actel]
time to go retire to a farm before the machines take over
run to the hills
Yeah, better be careful when getting hardware off BitTorrent.
Post enough? Juuuust joshin' on your taters.
Is this really news?
agreed... i'd rather see the 57th laptop post this week
'course it's news. Regular viruses are in software. This is a "hardware virus." It cannot be stopped no matter what antivirus you throw at it. Scary, huh?
i wonder if Psystar could be considered a hardware virus
@Aguiluz
It can be stopped by throwing an antivirus at it... if a sledgehammer can be considered an antivirus...
@phanbouy
Yeah, I haven't seen a EEE rip-off in a while Engadget.
I just don't have a better way to put it. "during its manufacturing process...".
Why even bother telling us this, when the above is the case. It's like saying "Every human can be born with herpes, the doctor would just have to give it to you at birth." DUH!
I think the bigger concern is these modified components showing up in counterfeit hardware. For example, counterfeit Cisco routers are starting to become a real concern: http://www.networkworld.com/news/2006/102306counterfeit.html
If they can integrate the malicious circuits in the counterfeits, then, yes it is a concern.
Yes thats a very real threat. However it will be limited to things that can be counterfeited. You'll never see a fake Core 2, PS3, PSP, GeForce etc.
Um Don't we get our chips from China? They might have a vested interest in that sort of control.
All your PC are belong to us
So, this could be something of a problem if, hypothetically, there was counterfeit equipment (maybe Cisco routers?) that were deployed on, say, government networks?
Hmmm....http://www.tgdaily.com/content/view/37100/108/
The government can scramble the data before it passes to the router.
@Aguiluz:
Sure, their datas safe, but what about their infrastructure.
If someone plants a timebomb in these router, then the govt can loose their entire network. Also, it can be used to create/send out its own false information, appearing to come from the govt.
but look on the bright side atrain, now it'll be easier to upload viruses to the mothership
They've been slipping virus files and malware into digital frames and external hard drives. I don't think it's too far fetched to think if someone massed produced fakey chips they couldn't find their way into something. Maybe a network card? modem? hard drive? Smart enough to log your keystrokes and 'watch' for password entries and all.
And there'd be no way to really know, unless AVs caught on to the tech somehow.
I'm concerned....not much, yet...but still concerned.
So... they've discovered is that people can create malicious hardware.
Wow. Earth shattering.
No shit.
Totally agree what a waist of university research effort. How many government dollars in research grants went into this.
exactly. education dollars should be spent teaching yokels how to spell "waste".
This basically means I wont be buying an open source Leon3 processor any time soon. Thank you, researchers from University of Illinois at Urbana-Champaign for developing a new technology that makes me uncomfortable buying an open source Leon3 processor.
I could see a new system of certification coming down the road. Creating a solid paper trail for the suppliers will make tracing these malicious cricuits back to the source easier - And buying from reputable sources more assured.
I just don't see this as being nearly wide-spread as software viruses. Building the chips and somehow getting them into your system would seem pretty darn difficult to do, and not worth doing to the average computer user.
...And designing and making the chips that would go into regular systems (that would otherwise work like their regular counterparts) would seem like something very, very few people would be able to do. It would require coordination between those people all the way through the manufacturing, selling, and distributing of the chips. Not very likely.
I guess high-level spying would be another thing, though.
awesome! now computers will come with chains of custody like toxic waste!
Such systems give the illusion of accountability at extra cost. Pointless burden. Why would you trust a piece of paper you know nothing stamped by people you know nothing about from hardware you know nothing about? Are you going to call people up to make sure their stamp is valid before buying? Call the phone company to make sure it is a legit number that you just called?
Your only protection in the market is that you can hold the manufacturer accountable after the fact.
Windows Vista is a virus that your antivirus software can't detect. Vista is so powerful that not even your sound/video drivers can detect it!
please don't comment on anything
ever again
AIDS is a virus too, but it's usually not what kills you in the end. Most people still refer to windows as an 'operating system'.
This isn't anything that the NSA hasn't already done.
You're "kind of" right, but this is what they are "trying"!
And it's really important.
and thats the reason why i dont like CHINA making most of the computer components on the planet . Specially with companies outsourcing to chinese OEMS . I just hope the U.S government has a back up plan or at least some plan to protect computers from such risks .............
Why is it the U.S. Government job? Take some action and protect yourself and your own computer. Whatever happened to personal responsibility. Why is it always the Government's fault or job to do something?
Yeah, but they best be doing something about the huge infrastructure of computers the government possesses. You losing your mp3 collection is nothing as compared to what could happen.
Watch out for those chips that "Made in Afghanistan" by Osama Bin Ladin Corp.
I GET IT ITS A JOKE
Didn't they have a movie about this a few years ago called Runaway ?
Magnum PI meets "The Demon"
MacGyver meets Numb3rs!
...wait, what are we talking about?
It's probably easier than demonstrated if the hardware is make from
FPLA's (field programmable logic arrays). The hardware virus is just
another software virus in disguise.
don't you mean ROBOTS IN DISGUISE?
This is actually pretty crazy so now if you are a hardware tech you can just slip in modified processors at IBM or some other big corp and have some major gold farming fun at nights...
This may be way more threatening than you think. Imagine a scenario where circuits are manufactured (like China) and that government wants to be able to invade or query our data at will. Even our government and scientific/military data. Or, worse, the government wants to be able to shut down or even destroy a group of computers on command.
We are unable to tell if this is going on even at this moment. If the computer functions normally otherwise, we cannot examine every internal circuit on a microchip to see if anything extra is there and lying in wait.
I hope our scientists take this very seriously.
For some reason i get the feeling that SONY is gonna employ these guys.
finally their DRAM , rootkit and other world domination fantasies will be realised.
That is why some cases has a lock on the door... so that this thing doesn't do inside your computer without realizing it.
It is good to grammar. I often.
What you say?
They set us up the malicious hardware.
So it's possible to attach hardware to a system that compromises it at a very low level. Shocking. This has never been done before.