As Windows becomes harder to crack, could virus writers start to target hardware?

Summary:On August 25th, security firm Symantec engineers announced they had discovered a virus that leveraged a flaw in the AMD64 CPU. This virus, called W32/W64.Bounds, was capable of binding itself to Windows executables in such a way that made it hard to detect. However, it's now been shown that this virus doesn't have anything to do with in AMD CPUs, but instead with the X86-64 instruction set itself. But could this be a sign of things to come?

On August 25th, security firm Symantec engineers announced they had discovered a virus that leveraged a flaw in the AMD64 CPU.  This virus, Any patch applied to fix a hardware fault could  be disabled or circumventedcalled W32/W64.Bounds, was capable of binding itself to Windows executables in such a way that made it hard to detect.  However, it's now been shown that this virus doesn't have anything to do with in AMD CPUs, but instead with the X86-64 instruction set itself. 

Now, as you can imagine, the notion that 64-bit AMD processors contained a flaw that a virus could take advantage of was news that AMD was keen to make go away - with millions of 64-bit CPUs out there, the fallout from something like this could have been costly to clean up.  However, after a little more research, it's clear that these viruses are making use of a legitimate operating system feature, only working with it in a rather unusual way.  AMD can breathe a sigh of relief because, for now at least, they are in the clear.

But the fact that virus writers are now looking for exploits to target in hardware is a worrying development, and the harder that Window becomes to crack, the more pressure malware authors will put on hardware.  While software vulnerabilities can be very serious indeed, they can be patched quite quickly.  Hardware is a very different matter.  While it's possible to apply a software patch to step over a hardware flaw, that flaw still exists as long as the hardware is still in use.  Also, to make matters worse, any patch applied to fix a hardware fault could  be disabled or circumvented.

Imagine an exploitable vulnerability being discovered in a popular and widely used CPU or GPU (anything that hackers target is likely to be widespread because there's little point it looking for a weakness in something obscure).  This could, overnight, change the hardware landscape.  Patch or no patch, a seriously exploitable hardware bug in a mainstream product could kill off a product or perhaps even a whole line of products.  The economic damage to the company at the center of it would also be huge - depending on the product they could easily be looking at billions of dollars lost because of a drop off in sales, R&D and recalls.

Scary, eh?

Thankfully for hardware manufacturers, operating systems are still nowhere near secure enough to make actively searching for hardware vulnerabilities worth the bother, so I think that they are pretty safe at present.  Currently hackers and virus writers have an easy time finding software bugs - all they need do is turn over a few stones in Windows or Internet Explorer or some other popular software applications to find juicy bugs to exploit.  Why go to the trouble of hacking the hardware?  But as software becomes more robust, hardware could become a more viable target.  And if the quality of software is anything to go by, I bet that there are plenty of hardware vulnerabilities waiting to be exploited - they just need to be found.  And I also bet that antimalware companies are positioning themselves to respond to such threats.

It's only a matter of time.

Topics: Security

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.