"Malicious circuits" could embed malware directly into hardware

Thu May 8, 2008 10:54AM EDT

See Comments (10)

You thought you had your hands full with spam and your garden-variety software viruses, eh? Well, hang on to your seat: A new type of threat is just now being tinkered with in research labs. Called "malicious circuits," the new potential threat involves designing (or surreptitiously redesigning) microchips that can perform evil deeds without having to rely on software being installed on a computer.

If it sounds theoretical and far-fetched, think again: It's already possible, and it's been proven on a microchip called Leon3. Leon3 is an open-source chip design containing 1.7 million circuits. Because it's open source, anyone with the knowhow and the inclination can contribute to the design of the chip. As a proof of concept, researchers at the University of Illinois at Urbana Champaign took the chip design and modified it through the addition of just 1,341 logic gates, a pittance compared to the overall size of the chip. Those changes give an attacker three ways to compromise the system, including a backdoor that would give anyone with the knowledge of the hack complete access to the system and another that would allow theft of any password as it's typed on the machine.

The really scary thing is that, since the attack lives in hardware, not software, it's virtually impossible to detect. For example, antivirus software can only scan your computer for active processes that are outside the realm of normal operation. But a malicious circuit requires no software, existing at such a low level as to make defense against it far more difficult. It's the computer equivalent of a double agent who's been living in deep cover for 20 years.

Because the knowledge and effort involved in such an attack is so extreme vs. that of a software-based attack, malicious circuits aren't likely to be a major threat for the average user, but the potential danger here is real. All it would take is for one designer to target a popular chip design, then lay low as it's shipped into the industry. Imagine what might happen if an Intel CPU was compromised. Highly unlikely, sure, but devastating if it ever came to pass.

Post Comment See Comments (10)
This post has not been rated yet.

Sign In or Register to rate this blog post

Comments on "Malicious circuits" could embed malware directly into hardware

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

1 Posted by miller6994 on Thu May 8, 2008 12:00PM EDT Report Abuse
Sure the virus and malware slime are out there in the software realm, but in the firmware realm there is an implied trust. If that were to go away then we are all screwed.
2 Posted by rogueist on Thu May 8, 2008 1:21PM EDT Report Abuse
It's been done many many many times before in the past, and is such a problem that the DoD requires that major chip components be manufactured on US soil only today.
3 Posted by allita@sbcglobal.net on Thu May 8, 2008 4:42PM EDT Report Abuse
What do you
4 Posted by alan_r_cam on Thu May 8, 2008 5:23PM EDT Report Abuse
rogueist, are you saying that Intel must shut down all the manufacturing plants in Ireland ?
5 Posted by agustin2489 on Thu May 8, 2008 6:05PM EDT Report Abuse
My, my rogueist. I don't think I'm blunt in saying that you troll, sir. You troll. Anyway, I remember thinking about this the other day. I just thought that methods of detection were much easier to use. I don't think the home user would find malicious circuits in their computers (unless the manufacturer puts them in without their consent, etc). No, I find this more likely in settings of corporate espionage.
6 Posted by sciencetroll@verizon.net on Thu May 8, 2008 8:08PM EDT Report Abuse
im the sciencetroll
More Posts: First Prev 1 2 Next Last

Post a Comment

3000 characters left. Limit 3000 characters.

It may take a minute for your comment to appear. Please be patient and do not repost. Comment Guidelines

Christopher Null The Working Guy

Add Christopher the Working Guy to your My Yahoo! page

add to My Yahoo! rss Email Alerts

More from Christopher Null

Product Categories

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio

Today On...

Consumer Reports thumbnail
Consumer Reports

Don't Buy Without Them

For unbiased ratings and reviews on thousands of products, get expert advice from Consumer Reports. Read More

Yahoo! Health thumbnail
Yahoo! Health

Tips for Healthy Internet Use

Find a better relationship with technology Read More

My Tech

Please enable your browser's cookies to activate the My Tech column.

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.