Malware that attacks DMA and hides in peripherals
This technically applies to all OSs, not just Linux:
http://www.scmagazine.com.au/News/35...ripherals.aspx
I'm confused!?!?
Doesn't the firmware for peripherals get loaded at boot time? How would malware survive in there?
If that's the case, wouldn't it be reasonable to run a malware check on firmware before it's loaded into the GPU? On the other hand, it seems that anyone who could replace the firmware with malware either has access to the target system or to the repos. In the former case, the administrator of the target system has serious problems anyway and in the latter case, the entire community has a major problem. (at least, whichever community is using that repo)
Either way, however, you still have to get the malicious code loaded into the GPU before it can execute and effect any transfers.
Keep this in mind: a.) only firmware files need be checked; b.) only signatures of malware capable of 'stealthy' operation need be checked. You can read the full paper by Patrick Stewin and Iurii Bystrov to get a better understanding of how this malware would operate.
"DMA Malware Fulfillment. We designed and implemented our DAGGER prototypes according to the DMA malware definition described in Section 4. (C1) is clearly fulfilled since it implements working keystroke logger functionality. DAGGER needs no physical access for the infiltration process (C2). We infiltrate the ME environment using a software based exploit during runtime. DAGGER exploits dedicated hardware to implement rootkit properties (C3)."
However, after going through the paper a bit, I noted this: "Checking firmware images at load time, as proposed by the Trusted Computing Group [32], does not prevent runtime attacks." So scanning the firmware files would not prevent all instances of such malware. Though it would still be a pretty good start.
You would not need, or even use, an anti-virus program during boot-up. I'm thinking more along the lines of a file integrity scanning routine as part of the booting process. We already run fsck on the hard drive; would a scan of firmware files be so much of an extra burden?
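The boot-time file integrity scan suggested in the last post, sketched as an added example that is not part of the original thread or of the paper it cites: it hashes every file in a firmware directory and reports files that were modified, removed or added since a trusted baseline was taken. The function names, the manifest format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large firmware blobs are not read in at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():
            # Record the link target so a redirected symlink is detected too.
            manifest[rel] = "symlink:" + os.readlink(path)
        elif path.is_file():
            manifest[rel] = sha256_file(path)
    return manifest

def verify(root, baseline):
    """Compare the tree at root with a trusted baseline manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample tree standing in for a firmware directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "nic").mkdir()
        (root / "gpu.bin").write_bytes(b"constructed gpu image v1")
        (root / "nic" / "fw.bin").write_bytes(b"constructed nic image v1")
        baseline = build_manifest(root)  # taken while the tree is trusted
        (root / "gpu.bin").write_bytes(b"constructed gpu image, altered")
        (root / "nic" / "fw.bin").unlink()
        (root / "extra.bin").write_bytes(b"constructed unknown blob")
        return verify(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline manifest has to be stored where the scanned system cannot modify it, and, per the paper quoted earlier in the thread, a load-time check of this kind does not prevent runtime attacks.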