The exploit would allow hackers to take full control over the computer

Apr 16, 2008 07:17 GMT

Software bugs and computer viruses were hackers' favorite means of taking over your computer. However, things could get a lot worse with the advent of a new threat that aims directly at computers' hardware components.

A group of researchers at the University of Illinois at Urbana-Champaign managed to hack into a computer processor, then gain full control over the infected system. Setting up this kind of backdoor is no piece of cake, but once carried to completion, it won't be detectable by either the user or antivirus software.

The researchers used a specially crafted, programmable microprocessor that runs the Linux operating system. The microprocessor would inject malicious firmware into the main processor's memory, a type of code that allows a remote attacker to seize control over the entire computer. The altered firmware affects only a small portion of the processor's silicon (1,341 logic gates out of more than 1 million).

According to Samuel King, an assistant professor in the university's computer science department, this exploit is extremely efficient and works independently. "This is like the ultimate back door," said King. "There were no software bugs exploited."

The team yesterday demonstrated the attack using a LEON processor running the Linux operating system. The LEON design is somewhat similar to Sun's SPARC series of processors, which power a large number of servers worldwide, including the ones in the International Space Station.

The attacker only has to send a network packet to the target computer, which would trigger the firmware rewrite. Right after the rewrite is complete, the attacker can log on to the system. "From the software's perspective, the packet gets dropped, and yet I have full and complete access to this underlying system that I just compromised," King said.

This kind of attack is 100 percent efficient, but in order to succeed, hackers would have to install a malicious CPU in the target computer, which is extremely difficult. "This is not a script kiddie attack," he continued. "It's going to require an entity with resources."