.

Black Hat Demonstrations Shatter Hardware Hacking Myths

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Mar 01, 2007 12:13 pm

Black Hat Demonstrations Shatter Hardware Hacking Myths

ARLINGTON, Va.—Unless you were at Black Hat on Feb. 28, you probably woke up safe in the assumption that if a rootkit hit your system, reimaging would remove it. You probably also thought that the best way to search a PC's volatile memory, or RAM, was by grabbing it with a PCI card or a FireWire bus.

You were wrong.

At the Black Hat Briefings here on Jan. 28, two breakthrough hardware hacks were demonstrated. One shocker was Coseinc Senior Security Researcher Joanna Rutkowska's demonstration of a way to subvert system memory through software—in essence, the shattering of our long-held belief that "going to hardware" to secure incident response is a security failsafe.

Security professionals at the show called it the "attainment of the holy grail," particularly since the only way to fix the system's memory corruption is to reboot—thus erasing all tracks of the subversion.

It's a digital forensic team's worst nightmare. How can you figure out—and prove in court or to auditors—what people have been doing on your company's PCs, for good or evil?

Hardware heresy didn't stop there. John Heasman from NGSS (Next Generation Security Software) proved that rootkits can persist on a device—on firmware—rather than on disk, and can thus survive a machine being reimaged. Even reformatting won't save us these days.

These hacks are esoteric, but they're proving that much of what we thought of as hardware unassailability is pure folklore.

Jamie Butler, principal software engineer at security services provider Mandiant, explained the significance of Rutkowska's hack in an interview with eWEEK at Black Hat here. "The significance of it is there's been this folklore, this legend that if you do hardware acquisition of memory, it's not subvertible," Butler said. "But if you're running software and you're accessing memory, you can be subverted."


For full story:
http://www.eweek.com/article2/0,1895,2099603,00.asp

Don
CISSP, MCSE, CSTA, Security+ SME
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Thu Mar 01, 2007 1:10 pm

Re: Black Hat Demonstrations Shatter Hardware Hacking Myths

Joanna is my hero, good article
<<

LSOChris

Post Thu Mar 01, 2007 8:24 pm

Re: Black Hat Demonstrations Shatter Hardware Hacking Myths

man that is totally awesome!!  can wait to read about and play with it.
<<

Kev

Post Thu Mar 01, 2007 8:40 pm

Re: Black Hat Demonstrations Shatter Hardware Hacking Myths

Hmmm, so not only will we have to reformat the hard drive when there is a rootkit, we will also need to reflash the firmware. Great, lol!
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Fri Mar 02, 2007 6:43 am

Re: Black Hat Demonstrations Shatter Hardware Hacking Myths

Don already knows this, but this is exactly the reason I asked to have Assembly added to the present poll at the last minute.

On the morning of the poll being published I had a chat with someone who I consider "a security expert", and he was telling me the same things that are now being published at the Black Hat convention. He then went on to say (without me mentioning the poll here) that this is the future of malware, and that he thinks that now the most important thing that security professionals can learn is Assembly.

BTW, kudos to Joanna.
Last edited by Negrita on Fri Mar 02, 2007 6:55 am, edited 1 time in total.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.

Return to Hardware

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software