Hardware Backdooring is Practical presented at DEF CON 20

by Jonathan Brossard

Tags: Security

Summary: This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof-of-concept malware for the Intel architecture, Rakshasa, capable of infecting more than a hundred different motherboards. The first net effect of Rakshasa is to disable NX permanently and remove SMM-related fixes from the BIOS, resulting in a permanent lowering of the security of the backdoored computer, even after complete erasure of the hard disks and reinstallation of a new operating system. We shall also demonstrate that preexisting work on MBR subversion, such as bootkitting and brute-forcing of preboot authentication software, can be embedded in Rakshasa with little effort. Moreover, Rakshasa is built on top of free software, including the Coreboot project, meaning that most of its source code is already public. This presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC embedded on the motherboard, before detailing the inner workings of Rakshasa and demoing its capabilities. We hope to raise awareness in the security community of the dangers associated with the non-open-source firmware shipped with any computer, and to question its integrity. This shall also result in upgrading the best practices for forensics and post-intrusion analysis by including the aforementioned firmware in their scope of work.