Regardless of HDD formats or operating system changes, it remains

Aug 1, 2012 13:21 GMT

Hackers are amazing if they are the good guys, and outright scary if they go bad, but here is something that can make even the most well-meaning computer genius seem terrifying.

Viruses, malware and spyware are all troublesome, and some are very dangerous, but they have one thing in common: they can be removed by formatting the PC's storage device.

Even if not all data is removed, safety and functionality can usually be restored by reinstalling the operating system from scratch.

Unfortunately, there are methods of secret surveillance and backdoors advanced enough that not even a full format, or replacing the HDD altogether, can remove them.

Well, maybe that's not quite true. We don't know of any that are in use right now. We do know how one may be created though.

At the Black Hat security conference in Las Vegas last week, Jonathan Brossard demonstrated how software could be hidden in the very BIOS of a personal computer. A backdoor can be created there, which allows remote access to the system over the internet.

The tool he used is dubbed Rakshasa and is installed on the BIOS chip of a PC motherboard. That means that the backdoor is integrated straight into the firmware, or first code, which is run immediately upon pressing the power button.

As if that weren't scary enough on its own, Brossard showed that he could hide the code inside other hardware component chips, like network cards. Once the PC is turned on, the code can jump into the BIOS on its own.

"If someone puts a single rogue firmware on your machine, he basically owns you forever," Brossard told an audience of fellow hackers and computer security professionals at Black Hat. "Even if you change your hard drive or change your OS, you're still very much going to be owned," unless the hardware is changed altogether.

A new firmware could be developed and used to overwrite the existing one (usually a complicated and risky process), but even then there is no guarantee that the problem is gone, especially if Rakshasa can simply copy itself into the new BIOS again (provided it arrived via the network card's firmware).

So far, the backdoor has successfully bypassed 43 antivirus programs. None flagged it as perilous. The only thing it needs in order to compromise the PC is an Internet connection. Once it finds one (it starts searching as soon as the PC is powered on), Rakshasa retrieves a small piece of code which opens the system to remote manipulation.

The matter of firmware-level security came up when particularly paranoid people (and the US Congress for that matter) worried that, since most hardware is made in China, the country might pre-install surveillance software on it.

Fortunately, BIOS chipsets have begun to use cryptographically verified code, which prevents Rakshasa from working (though we aren't sure it can't be bypassed, given time). Only a small number of PCs have this layer of protection though.