There have been many BlackHat/ShmooCon/OHM/etc talks that are just waiting to be weaponized. Things like Thunderbolt/Firewire, HDD controllers, USB fuzzing, laptop batteries, or even malicious chargers. Combination attacks like Stepping P3wns have been demonstrated that move from printers to VOIP phones to routers to computers.
I've been experimenting with EFI and DMA attacks over Thunderbolt and it is truly horrifying how poorly implemented the security is when devices are connected to the internal busses. Makes me want to fill every I/O port with epoxy, encase the computers in concrete, dump them in the river and go back to pencil on paper. And even then I'm not sure about the pencils.
And not all of the attacks are "smart device[s] emulating a usb stack, not just a dumb usb device ferrying data" -- many of them modify normal existing controllers (like the multi-core ARM in the HDD, or the option ROM in the gigabit ethernet adapter). And as more modern devices get shoe-horned into smaller packages we've ended up with video cables that have full ARM CPUs built literally into the cable housing. Things that we don't think of as "smart" have become programmable and potential attack vectors.
The downside of all this complexity is that there can be bugs in the hardware abstraction layer ... as a result it’s not feasible, particularly for third party controllers, to indelibly burn a static body of code into on-chip ROM. The crux is that a firmware loading and update mechanism is virtually mandatory, especially for third-party controllers.
In my explorations of the electronics markets in China, I’ve seen shop keepers burning firmware on cards that “expand” the capacity of the card — in other words, they load a firmware that reports the capacity of a card is much larger than the actual available storage.