At the recent CanSecWest international security conference in Vancouver, French researchers compromised a Linux PC by exploiting a feature in the machine’s network card. The same technique could be used to take control of any PC, including Windows PCs, that uses Broadcom NetXtreme cards with the remote factory diagnostic mechanism enabled. These cards are in widespread circulation and have been used in a number of Hewlett Packard PCs. Thankfully, the remote factory diagnostic mechanism (ASF, or Alert Standard Format 2.0) is normally turned off by default.
Exact details of the attack were not revealed at the conference, but in another presentation security researcher Arrigo Triulzi demonstrated a similar attack on Broadcom cards. He used the remote factory diagnostic mechanism to install custom firmware on the network card. This firmware was used in conjunction with other hardware to create a tunnel into the PC in such a manner that packets sent via the tunnel were not visible to the system firewall. Using the network card’s access to memory, the attacker could then run whatever code he wanted.
A patch for certain Broadcom network cards has been issued by HP:
This new attack technique is particularly scary as it takes place at a very low level and is not visible to security software running on the PC. The user would thus be totally unaware the machine was compromised. Also alarming is the possibility we may see a wave of new malware attacks that exploit flaws in firmware installed in hardware rather than software.
This new exploit is yet further proof that no PC can ever be considered 100% secure. That may sound frightening, but it’s the harsh truth. It’s also true of almost all security situations, not just computer security. For example, you can never provide 100% security against your house being robbed.
This harsh fact should not deter you from using a computer, nor from attempting to defend it as best you can. It is, however, a wake-up call to those who have a blind belief in the complete effectiveness of their security software.
It's also a wake-up call to be mindful about your computer practices. You wouldn’t ever leave valuable jewellery on your kitchen table just because you have a burglar alarm – you’d put it in a safe or store it at a bank. In the same way, make sure you encrypt highly valuable information on your PC or store it offline. It’s not perfect, but it’s a lot better than leaving your valuable information hanging around.
For further details on this new exploit see here:
Thanks to regular contributor Lex Davidson for alerting me to this.