From Extreme Tech:
At the Black Hat security conference last week, assembly master and long-time security consultant Jonathan Brossard demonstrated a proof-of-concept hardware backdoor. Called Rakshasa (which are unrighteous spirits in Hindu and Buddhist mythoi), this backdoor is persistent, very hard to detect, portable, and because it’s built using open-source tools (Coreboot, SeaBIOS, and iPXE) it could be used by governments and still grant them plausible deniability.
To infect a computer with Rakshasa, Coreboot is used to re-flash the BIOS with a SeaBIOS and iPXE bootkit. This bootkit is benign, and because it’s crafted out of legitimate, open-source tools, it’s very hard for anti-malware software to flag it as malicious. At boot time, the bootkit fetches malware over the web using an untraceable wireless link if possible (via a hacker parked outside), or HTTPS over the local network. Rakshasa’s malware payload then proceeds to disable the NX (no-execute) bit, remove anti-SMM protections, and disable ASLR (address space layout randomization).
No biggie, right, because you use full hard drive encryption? Um, nope. Rakshasa could provide a really easy way to bypass full-disk encryption programs like TrueCrypt or BitLocker by giving the bad guys a backdoor login. The Extreme Tech article says:
The bootkit can be used to create a fake password prompt for Truecrypt and BitLocker, potentially rendering full-disk encryption useless.
The scariest part? This is pretty much unavoidable at this point. What do you think about this? Let us know your thoughts in the comments.
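Host-side sanity checks for the protections the quoted article says the payload disables (NX, ASLR) and for the re-flashed BIOS itself, as an added example that is not code from the article or from the Rakshasa author. It assumes a Linux host and a firmware image dumped by a separate tool such as flashrom; the cpuinfo samples and the "known-good" hash are constructed here.

```python
import hashlib
import re

# Constructed sample inputs (not taken from the article): the "flags" line of
# /proc/cpuinfo with and without the nx flag, and a stand-in firmware image.
CPUINFO_WITH_NX = "processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae nx lm\n"
CPUINFO_NO_NX = "processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae lm\n"
GOOD_IMAGE = b"constructed stand-in for a dumped BIOS image"
GOOD_SHA256 = hashlib.sha256(GOOD_IMAGE).hexdigest()  # the "known-good" hash


def nx_present(cpuinfo_text):
    """True if the kernel reports the NX (no-execute) CPU flag.
    Firmware can clear the XD/NX enable bit before the OS boots, in which
    case Linux omits 'nx' from the flags line."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.M)
    return bool(m) and "nx" in m.group(1).split()


def aslr_enabled(randomize_va_space):
    """True if /proc/sys/kernel/randomize_va_space holds 2 (full ASLR)."""
    return randomize_va_space.strip() == "2"


def firmware_matches(image, expected_sha256):
    """Compare a firmware image dumped from flash with a known-good SHA-256."""
    return hashlib.sha256(image).hexdigest() == expected_sha256.lower()


def check_host(cpuinfo_text, randomize_va_space, image, expected_sha256):
    """Return the list of mitigations that are not in the expected state."""
    findings = []
    if not nx_present(cpuinfo_text):
        findings.append("NX not reported by the kernel")
    if not aslr_enabled(randomize_va_space):
        findings.append("ASLR is not fully enabled")
    if not firmware_matches(image, expected_sha256):
        findings.append("firmware image does not match known-good hash")
    return findings


if __name__ == "__main__":
    # Live run on a Linux host; the firmware part uses the constructed sample
    # because dumping flash needs a separate tool (flashrom or similar).
    with open("/proc/cpuinfo") as f:
        cpuinfo = f.read()
    with open("/proc/sys/kernel/randomize_va_space") as f:
        va = f.read()
    print(check_host(cpuinfo, va, GOOD_IMAGE, GOOD_SHA256) or ["all checks passed"])
```

A firmware-level implant can also influence what the running OS reports, so the hash comparison against a dump taken through a trusted path is the check that carries weight; the NX and ASLR readings are a cheap first signal, not proof of a clean machine.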