Proactive IT security
 

Diversification of attack vectors

Introduction

During the Black Hat security conference in Las Vegas, USA, the security researcher Charlie Miller presented a method for compromising the batteries that are shipped with several of Apple's Mac computers.

Miller was able to do this by accessing the batteries' microcontroller chip, which turned out to be shipped with a default password. According to Miller's presentation, compromised batteries have the potential to serve as a bridge to the computer's operating system. Such an infection would be very difficult to get rid of unless one examines the battery as the source of the infection - an option that is far from obvious.

Miller's Black Hat presentation, whitepaper and tools are available from Accuvant's web site.

Miller's research highlights a more general issue that will be discussed in more detail below.

New devices ready for attack

In our security article in March last year - New devices vulnerable for Internet based attacks, OR: The future is here - we wrote about how the computer systems in cars were accessible from the Internet, and the potential security implications. That article, as well as Miller's research, illustrates that the attack surface is no longer limited to the operating system and applications in traditional computers.

For several years, we have been aware that mobile devices like phones are open to attack. However, since many other types of devices, as well as built-in components in devices, are becoming increasingly sophisticated and include separate "computers", these may also be attacked.

The first of several general points that we will make in this article is:

1. Any computerized system may be attacked and potentially compromised.

Indirect attacks

Today's advanced attacks are not directly aimed at the target itself. The smart cybercriminal will look for any weak spots and use them as stepping-stones to her real target.

One typical approach is a tailored email to someone in the targeted organization. By tricking the recipient into opening the email's attachment or visiting a malicious link in the email, the attacker compromises the recipient, and this may in turn lead to further access towards the cybercriminal's ultimate goal.

The most advanced example of this is probably the technique used by Stuxnet, which had functionality to reach its real target computers by initially infecting other computers in the target organization.

This leads to another general point:

2. A system may be targeted indirectly through other vulnerable systems.

Targeting peripheral devices as an indirect attack

In July this year, we discussed "the trojan mouse" in one of our security articles.

This is an example of targeting a system through a peripheral device. Similar examples are numerous - infections through USB sticks and the like are the most commonly used technique.

3. A system may be compromised through attached devices.

Targeting a system through built-in components

This brings us back to the beginning.

Miller's research shows that it might be possible to target a system through vulnerable built-in components. If one component (the computer's battery in Miller's study) has access to the main system (the computer's operating system), the built-in device represents an additional attack vector.

Since such built-in components are getting increasingly sophisticated, this type of attack may be expected to become more and more tempting for the advanced attacker.

Thus, our final point will be:

4. A system may be attacked through vulnerable built-in units belonging to the system.

Conclusion

Computer systems are becoming increasingly sophisticated and complex, with components that are individually computerized. This increases the attack surface available to cybercriminals, and represents a challenge for users and the security industry.

Some references for further reading