Infected computer with extra stealthy back-door

At the Black Hat security conference in Las Vegas Nevad Jonathan Brossard who is a well known hacker demonstrated that a software code can be hidden deep within the hardware of a computer, creating a back door that would allow secret remote access over the Internet and this secret entrance can not be closed by switching the computer’s hard disk or reinstalling its operating system.

Apparently this back-door tool needs to be installed into the BIOS chip on the computer’s motherboard which contains the main processor and other core components are mounted, the computer’s BIOS chip contains the first code known as firmware which runs when it is powered on to start the process of booting up the operating system…

Brossard also pointed out that he can hide his malicious code inside chips of other hardware components such as network cards, and have it jump into the BIOS when necessary.

Got a url of this presentation?

Sorry about that Mr. Belvedere

I read the article at the link below…

I Googled some & found this. I couldn’t find a video on this.

Interesting read. It’s not a new technology. The US used to send printers to Iraq full of backdoors and tracers.

I’m not sure how normal mortals could defend against this. Perhaps you need to check your BIOS checksum from time to time or disable any EEPROM writing unless explicit authentication (which can also be hacked of course).

With all the cyber ware-fare going on between the various countries kinda makes you wonder, especially when the manufacturing of computers and other gadgets are being produced in those countries that are involved in cyber ware-fare.

Paranoia sets in

So many ROMs are available, so many that would never be updated, too. If my “Cookie Monster Phone Home” paranoia ever had any basis in fact, it would still pale in comparison to the ability of some ROM doing keyboard-captures and transmitting those - via email for off-line machines, via always-on-CONNECTs, anything.

And heavens, the whole MIDI-ized world of instruments - capturing and transmitting new music before publication… yeowy. The Everly Brothers walk into their studio only to discover WAKE UP LI’L SUZY’s already been recorded by some bubble-gum boy band. RIAA merely tells them, “That’s the luck, boys… you can’t prove a thing, so go home and write us some more hits. Meanwhile, we need to stamp out accurate download numbers in Pirate Bay again.”

How about circuit boards & chipsets ,etc for military aircraft , missles , submarines,etc.
Where is our (US) government getting those ?

If they are foreign made even partially are they in danger of this backdoor?

[QUOTE=cholla;2649713]How about circuit boards & chipsets ,etc for military aircraft , missles , submarines,etc.
Where is our (US) government getting those ?

If they are foreign made even partially are they in danger of this backdoor?[/QUOTE]

Most if not all circuit boards produced for the U.S military and other such government branches are designed and manufactured here in the U.S by companies such as ‘Lockheed’, ‘Tech-Tronix’ among others who are given contracts from the U.S government.

[QUOTE=StormJumper;2649699]With all the cyber ware-fare going on between the various countries kinda makes you wonder, especially when the manufacturing of computers and other gadgets are being produced in those countries that are involved in cyber ware-fare.

Paranoia sets in [/QUOTE]

I would hope that the government does not use such manufacturers!

[QUOTE=NightAngel;2649734]Most if not all circuit boards produced for the U.S military and other such government branches are designed and manufactured here in the U.S by companies such as ‘Lockheed’, ‘Tech-Tronix’ among others who are given contracts from the U.S government. [/QUOTE]

Maybe but are all the chips or chipsets used also manufactured in the US ?

That might just be what we’re told . I’m sure the government would use misinformation if the electronice for military were really being made by China for example.

[QUOTE=jsg2020;2649746]I would hope that the government does not use such manufacturers![/QUOTE]

Yeah[B]!![/B] same here but shouldn’t have to worry about that though because I don’t think the U.S government is that naive, course there is a high concern when it comes to protecting sensitive data because of the lack of security measures which I really think needs to be improved…

[QUOTE=cholla;2649753]Maybe but are all the chips or chipsets used also manufactured in the US ?

That might just be what we’re told . I’m sure the government would use misinformation if the electronice for military were really being made by China for example.[/QUOTE]

There is always room for concern but doesn’t Intel manufacture and provide such components, which they too have a huge contract from the U.S government.

What about UEFI bios??

[QUOTE=jsg2020;2649746]I would hope that the government does not use such manufacturers![/QUOTE]
In the end it doesn’t really matter. The paranoia is equal on all sides. If nobody trusts nobody all the benefits and disadvantages kinda balance themselves. For the real sensitive data there are lots of other methods of protection.

For the normal mortal consumer this is the exact reason why open source projects are very important. You have access to the source code and are able to compile your own executable binaries from it. You can see each and every line of code before using it. And on top of that it’s free.

In that case the paranoia benefits everybody, since everybody can review the code and each other.

[QUOTE=Mr. Belvedere;2649852][B]In the end it doesn’t really matter. The paranoia is equal on all sides. [/B]If nobody trusts nobody all the benefits and disadvantages kinda balance themselves. For the real sensitive data there are lots of other methods of protection.

For the normal mortal consumer this is the exact reason why open source projects are very important. You have access to the source code and are able to compile your own executable binaries from it. You can see each and every line of code before using it. And on top of that it’s free.

In that case the paranoia benefits everybody, since everybody can review the code and each other.[/QUOTE]

Yeah I’m sure everyone is concerned about this back-door.