I don't really know a lot of detail about IT hardware yet, but how easy is it to place a virus in hardware? For example in a network card, a graphics card, a CPU chip, or even a keyboard or a mouse?
I have seen viruses on factory media before, for example a CD-ROM. Not in hardware. In theory there could be a virus on a hard disk controller chip and it would write it to the hard drive at a set time, but that would be unlikely due to the fact that there is limited space on hardware controllers, so it would be hard to do. Using one of the new memory controllers would work the same way, it could just insert the virus some place according to some logic, but for the same reason it would be unlikely.
Usually stuff in hardware that would cause you harm would be like a hardware key logger or a small radio device that would broadcast your modem traffic over RF.
It is theoretically possible to have a virus in the BIOS, and some viruses do in fact mess the BIOS up, but I don't know of any that store themselves there. With new BIOS that can be updated from Windows, though... only a matter of time.
Why would you need to know about this?
Thanks for the replies. RobDog, I meant to use the term virus loosely, meaning code that can cause harm or create security breaches, so it could be a keylogger, screenshots, trojan, worm, etc.
I read a little about the Clipper chip and realised that hardware can actually be a security risk. Until now I have primarily been looking at software, but now I am looking at my PC's hardware and wondering how much compiled unauditable code is running around in it?
Most AV programs will scan the resident memory too, but other areas like embedded code in the firmware of hardware are very hard to detect, as a vast number of hardware manufacturers and models are out there. Best rule of thumb is to avoid questionable websites and scan anything that is placed in your system.
I just had an issue come up concerning a hardware driver. My dad's dvd burner quit working altogether and he burned a disk for me with his usb drive. I didn't even run any code off of it, just opened it in explorer and boom, my dvd burner and my virtual drives are suddenly all broken. Had to do a system restore to fix it.
A system restore will not restore firmware, only system files and registry settings. Chances are that he has a regular virus and it transferred over to your system via the CD.
I know. I said it was in the device driver. :)
Firmware can't interact with software except through a driver, so the driver is the place to look for malicious stuff.
It's probably easier if I look at something basic to understand the risk.... a keyboard....
So if I opened up the keyboard.... I would see a series of keys connected to a circuit board.... which is then connected to a cable capable of interacting with a mainboard of a PC, or at least a comms card attached to a mainboard... The driver then translates the keyboard messages for the operating system... To gain access to the hard disk or internet comms ports it needs to gain access to the OS, hence the driver is the weakness, not the keyboard.
Although if I was a sneaky firmware manufacturer, couldn't I hardcode drivers and security holes into the circuit board of the keyboard itself for the popular operating systems? :eek:
No, because a keyboard is a serial connection, and if you somehow sent data from your keyboard the receiver didn't recognize (like for instance plugging a mouse in the wrong hole ;)) it ignores all the wrong input altogether.
That's clear :D and makes most hardware safe to use, drivers excepted, hence all the fuss over open-source drivers.
OK, moving on to the mainboard then... Is it possible to create a hardcoded bootstrap OS to send all data moving through the mainboard to an external source via a hidden comms port?
Quote:
Originally Posted by learning c
And how exactly do you "hide" a comm port circuit on a motherboard?
Thanks for the reply superbovine...
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Dynamic and/or Private Ports are those from 49152 through 65535
Isn't it possible to build in a port that is not accessible to the OS as well?
Well, when you said Com port in reference to a motherboard, we assumed (naturally) you were talking about COM ports, otherwise known as serial ports. And no, it doesn't make DRIVERS safe to use. Drivers are software. This is why Microsoft has the whole digitally-signed driver thing, and why my DVDs quit working. When they got virii-modified, they lost their signature.
lol, isn't that enough to make you turn open source, Lord Orwell?
Funny you should say that. Only reason I'm not running Linux now is the install crashes on my motherboard because it doesn't recognize my hard drive controller. As it is, everything from my virtual DVD drive (which I mentioned earlier) to my web browser is either open-source or free. I even have a couple of open-source video game remakes. I am also loosely involved right now in a collaboration to make a super-sudoku program (multiple generators & solvers).
su what, sounds like chess... didn't you do something valuable, a snake with legs thingy?
I guess I assumed that there were 65535 physical ports, but I could be outrageously wrong.
Essentially, if I were a mainboard maker bent on controlling the world, could I install a backdoor port in the board that also broadcasts the PC's IP?
Nope, those are software ports, all connected to whatever device you are using for communications at the time. One physical address (usually an IP but not always). When you communicate over TCP/IP, all data communication between two TCP applications takes place through virtual ports. A port is associated with the network socket created and used by the application. A pair of sockets uniquely identifies a connection.
A single computer may receive several TCP packets, with the port number it is for stored inside it. These numbers are used to demultiplex the packet stream and forward the correct packet to the correct application's input buffer.
The binding of port numbers to applications is handled by the OS, however commonly used network apps are assigned fixed #s that are publicly known.
That way you know what port # to connect to for web browsing or email, etc.
Ports 1024 - 49141 are Registered Ports. Ports from 49152 through 65535 are usable by anyone. The reason it tops out at 65535 is that's how many addresses you can get from a 16-bit number. I don't foresee any real reason anyone would need THIS many but who can say?
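Added example (not part of the original thread): a Python sketch of the demultiplexing described in the post above, using two listeners on one loopback address. The function names, the loopback address and the payloads are constructed for illustration.

```python
import socket
import struct

HOST = "127.0.0.1"  # loopback only; nothing leaves the machine

def listener():
    """One 'application': a TCP listener on a port the OS assigns (port 0)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, 0))
    s.listen(4)
    return s

def demux_demo():
    """Send to two listeners on one IP; return what each received and the
    (client addr, server addr) pair of every connection."""
    apps = {"A": listener(), "B": listener()}
    ports = {name: s.getsockname()[1] for name, s in apps.items()}
    # Constructed traffic: two clients talk to A, one to B.
    plan = [("A", b"a1"), ("A", b"a2"), ("B", b"b1")]
    clients = []
    for name, payload in plan:
        c = socket.create_connection((HOST, ports[name]))
        c.sendall(payload)
        clients.append(c)
    received = {"A": set(), "B": set()}
    pairs = set()
    for name, _ in plan:
        conn, peer = apps[name].accept()
        received[name].add(conn.recv(16))
        pairs.add((peer, conn.getsockname()))  # the socket pair
        conn.close()
    for s in clients + list(apps.values()):
        s.close()
    return ports, received, pairs

def fits_port_field(port):
    """True if the value fits the 16-bit port field of a TCP header."""
    try:
        struct.pack("!H", port)
        return True
    except struct.error:
        return False

if __name__ == "__main__":
    ports, received, pairs = demux_demo()
    print("listening ports:", ports)
    print("delivered:", received)
    for client, server in sorted(pairs):
        print("connection:", client, "->", server)
    print("65535 fits:", fits_port_field(65535), "| 65536 fits:", fits_port_field(65536))
```

Both clients of listener A share the same destination IP and port, and only their OS-assigned source ports tell the two connections apart.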
Thread Closed due to the new questions being asked and inappropriateness of them.