6

How can I secure the BIOS, video card, network card, PCI, etc. of the computer against remote exploit? I have heard that it is possible to remotely exploit a computer using vulnerabilities in these hardware devices, and that a compromise that occurs in this way may be hard to detect or remove.

So, how can I protect the hardware of my computer against remote exploits when connected to the Internet?

D.W.
  • 98,860
  • 33
  • 271
  • 588
linux1
  • 69
  • 2
  • 4
    _"lots of ways to exploit a computer besides at the OS level"_ Source? I heard of a few attacks, but they are very rare in comparison. Also I don't think you can really ask "how do we go about protecting this", it really depends on the case. – Luc Sep 16 '12 at 21:12
  • 1
    Side-note: I recently attended a talk at 44con which dealt with exactly this. Essentially it focused on attacking commodity hardware (tablets, TVs, BluRay players, etc) via various communications ports. In one case, fuzzing ethernet-over-HDMI completely bricked a TV. So, it's clearly not impossible to attack such devices. – Polynomial Sep 16 '12 at 22:55
  • @Polynomial, interesting! And in retrospect not too surprising, I suppose. But, were those remote exploits? (i.e., ones that could be exploited remotely over just an Internet connection, with no physical presence required?) My impression is that remote exploits on hardware devices are much rarer -- not unheard-of, but most attacks on the hardware require physical presence. – D.W. Sep 17 '12 at 04:11
  • @D.W. Most of them were using hardware plugged into a particular device (e.g. via HDMI), but some could be done via remote control panels and such on media centre devices. – Polynomial Sep 17 '12 at 10:02
  • 1
    Recommended reading: [Is making a clean install enough to remove potential malware?](http://security.stackexchange.com/q/7204) – Gilles 'SO- stop being evil' Sep 17 '12 at 16:03
  • 1
    Thanks for all the detailed answers. Yes I was wondering only about remote hardware exploits. I really didn't know if the hardware peripherals are protected by the OS (assuming of course everything has been done at the OS level to secure the computer), or if they can be exploited directly without having to compromise the OS first. It seems that they can in some cases. I like that google's chromebook has verified boot and bios protection and all of that. Great idea, too bad it's a google product. Wish there was another architecture out there with those types of protections or something similar – linux1 Sep 17 '12 at 14:23

5 Answers5

5

There have been vulnerabilities caused in how the operating system uses hardware. For instance there have been vulnerabilities in systems using Intel processors, although this vulnerability was fixed in the operating system, just about every OS had to be fixed.

Drivers are usually the culprit. Recently there was a privilege escalation vulnerability with nvidia's Linux driver.

There have also been vulnerabilities in wireless devices. The most famous being the OSX Remote Code Execution vulnerability using malformed 802.11 frames.

Vulnerabilities in drivers are absolutely no different any other vulnerability (other than the fact that they are very uncommon and the payload usually runs in kernel-land). To defend your self, make sure your system is updated regularly. Disable hardware that you are not using, (Like NFC on your phone!)

rook
  • 47,004
  • 10
  • 94
  • 182
2

Generally "exploits" at the BIOS level that happen are not the result of a targeted attack; instead they are in most cases BIOS-altering malware. However, BIOS/MBR exploits dont generally fit into the category of "Hardware Security".

If you are trying to secure a personal computer, having your OS updated regularly, using an AV, being skeptical about what you install on your machine, reducing the attack surface and being security-aware in general can go a long way.

2

It is very rare to see hardware vulnerabilities that allow someone on the other side of the Internet to exploit you, just through your Internet connection.

It is most common to see hardware issues allow someone with physical access to your machine to exploit your system. (See, e.g., the Firewire DMA holes, cold-boot attacks, and all of the bad things that can happy if someone sticks a USB device into your system.) There have also occasionally been hardware issues that allow local privilege escalation or allow local unprivileged users to crash your machine, though these appear to be rare.

Finally, there are a number of hardware issues that allow an attacker who has compromised your machine (in some other way) to introduce stealthy malware. For instance, some how shown how to hide a rootkit inside your network card or the firmware of other hardware peripherals. In some cases it is also possible to infect the BIOS. These are hard to defend against: you can partially defend against them by using secure boot and trusted computing (e.g., your TPM), but at this stage those defenses are rudimentary and difficult to deploy effectively. The best line of defense is the first one: take other steps to avoid compromise of your machine in the first place.

What should you do? For most people, hardware-related attacks are a much lower risk than other kinds of attacks, so it is not worth worrying specifically about hardware-related attack vectors. You should use standard safe computing practices (turn on automatic updates, back up regularly, use A/V software if on Windows, etc.). If you are concerned, about physical attacks, you could use full-disk encryption: Bitlocker has a good reputation, and has features specifically designed to prevent attacks based upon compromising the BIOS or other hardware elements.

D.W.
  • 98,860
  • 33
  • 271
  • 588
0

An attack on the hardware "from the internet" is as likely as an attack on any portion of the computer's application or OS stack. The attack vectors are the same: buffer overruns, default passwords on accounts, SQL injection, etc., and the defenses are the same: keep your drivers and OS patches current, and keep your anti-malware software updated.

Or are you asking about attacks where the attacker has physical access to the device? Securing the machine is a different animal. You have physical security (lock the cabinet to make it tougher to open, etc.), port security (disable USB mass storage devices to prevent Stuxnet types of attacks, disable external Firewire ports as Firewire enables DMA reading of memory), and system security (password on the BIOS settings, full disk encryption, etc.) But at some point the machine may be so locked down such that it's too expensive to administer it anymore.

So like anything else, define what's at risk, compare it to your budget, and secure what you can afford to secure. It's pointless to worry about some mythical "graphics card attack" if you're going to run telnetd or keep the default passwords.

John Deters
  • 33,897
  • 3
  • 58
  • 112
0

It was shone, I think at a recent defcon but correct me if I'm wrong, that malware could be hidden on the BIOS, and by continuation other hardware (esp if EFI). While possible it requires:

A) a very dedicated attack as the attacker must know your BIOS info.

B) root access to the OS. Malware would first gain system root, then flashing itself to the hardware.

It is unlikely, however, if after a fresh install of the OS (and you don't connect anything to it) the same malware returns to your system flashing the BIOS and any other hardware is a potential fix.

Because of the nature of this, it is wiser to harden an OS rather then hardware.

November
  • 505
  • 1
  • 5
  • 12