Attacking network cards

Posted May 29, 2008 20:48 UTC (Thu) by dlang (✭ supporter ✭, #313)
In reply to: Attacking network cards by smoogen
Parent article: Attacking network cards

Many cards allow for updates from the system they are plugged into, not from remote systems.

If a hacker takes over your machine and becomes root (which is necessary to modify the card
from your machine), there are lots of nooks and crannies in the system where he can hide stuff;
this is just one more of them (including modifying the BIOS of most modern motherboards).

The network cards are not special unless they have some bug in them that allows for
modification remotely.

For many cards, they don't store the firmware on the card itself; it's downloaded from the OS
at boot time, so if the hacker can modify your kernel they can modify the firmware on the card
next time you boot (but they can also modify anything else in your kernel, so why would they
go to the trouble of targeting a specific piece of hardware when they can do it all from the
common x86 compatible cpu?).


Attacking network cards

Posted May 29, 2008 23:09 UTC (Thu) by ikm (subscriber, #493)

This all is of course, it's just that the parent article mentioned something about updating
cards "across the wire". Presumably meaning remotely, and, well, probably not just over SSH,
or else what's the point of mentioning it? If you've got root already then of course you can
ruin the system.

Attacking network cards

Posted May 30, 2008 8:06 UTC (Fri) by ebirdie (subscriber, #512)

dlang: "they can also modify anything else in your kernel, so why would they
go to the trouble of targeting a specific piece of hardware when they can do it all from the
common x86 compatible cpu"

To make malware resistant to software reinstall on hardware with some reprogrammable memory.
If firmware malware works badly, it makes a normal administrator trash the hardware. If
firmware malware works fine, it sits there for a long time, being resistant to many current and
common schemes to prevent and detect malware. Not many of us reflash hardware which has
worked fine. At least it goes quite far away from current threat models.

I think the scope of the target doesn't have to be limited to specific hardware, but to cracking
software, which can be run once on a compromised system. The software could know more
hardware.
