Researcher demonstrates highly persistent hardware backdoor
Spurred by the conclusion of a recent report that said that given the fact that China is the de-facto manufacturer of most IT equipment in the world, it could easily backdoor any computer well before it’s shipped to its buyers, security researcher Jonathan Brossard decided to prove the practicality of such backdooring.
He set out to create a backdoor that is persistent, stealthy, portable, cheap, that allows remote updates and provide remote access, and whose creation and deployment cannot be attributed to any individual or state.
The result was Rakshasa (“demon” in Hindu), a proof-of-concept malware that is able both to replace a computer’s motherboard BIOS and to infect the firmware embedded in other peripheral devices through PCI expansion ROMs, thus ensuring its stealthiness and persistency in case the BIOS was ever flashed.
The malware is based on free and open source software, making it harder to detect by antivirus solutions, cheap, and – given the fact that its source code is available to anyone on the Internet – not attributable.
As the current computer architecture allows things like the firmware of a CD-ROM PCI device controlling a PCI network card and peripheral devices accessing RAM, even if the original motherboard BIOS is restored at one point, the rogue firmware on one of those peripheral devices can be used to return the rogue one.
This means that for the computer to be effectively cleaned, the original BIOS must be restored and all the peripherals reflashed simultaneously – not something that typical users know how or are able to do.
Brossard says that the backdoor can be easily added to the hardware when the attacker has physical access to it, and that in the great majority of cases, the remote attack method is also successful.
Rakshasa is comprised of a custom version of Coreboot for the BIOS backend, of a custom SeaBIOS BIOS-payload, a set of PCI expansion ROMs, and a custom active bootkit which is retrieved from the network.
This bootkit is not loaded in the hard disk’s Master Boot Record, but (remotely) into the RAM on each boot, making it both practically impossible to detect and easy to unload from memory once it has done what it set out to do, i.e. modify the kernel.
Unfortunately, says Brossard, computer architecture cannot be changed to prevent this type of attack without breaking backward compatibility, so the only thing that remains to do to prevent backdoored hardware to be delivered is to include PCI ROMs and BIOS firmwares in the security audits before usage.
For more specific information about the malware and its capabilities, check out Brossard’s paper.