Aug 3, 2012

Hardware Backdoor To End All Backdoors: Rakshasa

Blackhat 2012
Blackhat 2012 (Photo credit: sally_monster)
I happened upon a really scary bit of bad news. Announced at the recent Blackhat conference, security researcher and assembly master Jonathan Brossard discussed his little pet project named Rakshasa, which is basically a firmware flash that could put a big friggin' hole into your computer's security. Not only that, but the potential for this bad boy to be pre-manufactured in China by the Chinese government, and sold to every person in the United States isn't that far fetched of an idea.

From Extreme Tech:

At the Black Hat security conference last week, assembly master and long-time security consultant Jonathan Brossard demonstrated a proof-of-concept hardware backdoor. Called Rakshasa (which are unrighteous spirits in Hindu and Buddhist mythoi), this backdoor is persistent, very hard to detect, portable, and because it’s built using open-source tools (Coreboot, SeaBIOS, and iPXE) it could be used by governments and still grant them plausible deniability. 
To infect a computer with Rakshasa, Coreboot is used to re-flash the BIOS with a SeaBIOS and iPXE bootkit. This bootkit is benign, and because it’s crafted out of legitimate, open-source tools, it’s very hard for anti-malware software to flag it as malicious. At boot time, the bootkit fetches malware over the web using an untraceable wireless link if possible (via a hacker parked outside), or HTTPS over the local network. Rakshasa’s malware payload then proceeds to disable the NX (no-execute) bit, remove anti-SMM protections, and disable ASLR (address space layout randomization).

No biggy right because you use full hard drive encryption? Um, nope. Rakshasa could provide a really easy method to bypass full hard drive encryption programs like Truecrypt or Bitlocker by providing a backdoor login for the bad guys. The Extreme Tech article says:

The bootkit can be used to create a fake password prompt for Truecrypt and BitLocker, potentially rendering full-disk encryption useless.

The scariest part? This is pretty much unavoidable at this point. What do you think about this? Let us know your thoughts in the comments.

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam