As Windows becomes harder to crack, could virus writers start to target hardware?

As Windows becomes harder to crack, could virus writers start to target hardware?

Summary: On August 25th, security firm Symantec engineers announced they had discovered a virus that leveraged a flaw in the AMD64 CPU. This virus, called W32/W64.Bounds, was capable of binding itself to Windows executables in such a way that made it hard to detect. However, it's now been shown that this virus doesn't have anything to do with in AMD CPUs, but instead with the X86-64 instruction set itself. But could this be a sign of things to come?

SHARE:
TOPICS: Security
14

On August 25th, security firm Symantec engineers announced they had discovered a virus that leveraged a flaw in the AMD64 CPU.  This virus, Any patch applied to fix a hardware fault could  be disabled or circumventedcalled W32/W64.Bounds, was capable of binding itself to Windows executables in such a way that made it hard to detect.  However, it's now been shown that this virus doesn't have anything to do with in AMD CPUs, but instead with the X86-64 instruction set itself. 

Now, as you can imagine, the notion that 64-bit AMD processors contained a flaw that a virus could take advantage of was news that AMD was keen to make go away - with millions of 64-bit CPUs out there, the fallout from something like this could have been costly to clean up.  However, after a little more research, it's clear that these viruses are making use of a legitimate operating system feature, only working with it in a rather unusual way.  AMD can breathe a sigh of relief because, for now at least, they are in the clear.

But the fact that virus writers are now looking for exploits to target in hardware is a worrying development, and the harder that Window becomes to crack, the more pressure malware authors will put on hardware.  While software vulnerabilities can be very serious indeed, they can be patched quite quickly.  Hardware is a very different matter.  While it's possible to apply a software patch to step over a hardware flaw, that flaw still exists as long as the hardware is still in use.  Also, to make matters worse, any patch applied to fix a hardware fault could  be disabled or circumvented.

Imagine an exploitable vulnerability being discovered in a popular and widely used CPU or GPU (anything that hackers target is likely to be widespread because there's little point it looking for a weakness in something obscure).  This could, overnight, change the hardware landscape.  Patch or no patch, a seriously exploitable hardware bug in a mainstream product could kill off a product or perhaps even a whole line of products.  The economic damage to the company at the center of it would also be huge - depending on the product they could easily be looking at billions of dollars lost because of a drop off in sales, R&D and recalls.

Scary, eh?

Thankfully for hardware manufacturers, operating systems are still nowhere near secure enough to make actively searching for hardware vulnerabilities worth the bother, so I think that they are pretty safe at present.  Currently hackers and virus writers have an easy time finding software bugs - all they need do is turn over a few stones in Windows or Internet Explorer or some other popular software applications to find juicy bugs to exploit.  Why go to the trouble of hacking the hardware?  But as software becomes more robust, hardware could become a more viable target.  And if the quality of software is anything to go by, I bet that there are plenty of hardware vulnerabilities waiting to be exploited - they just need to be found.  And I also bet that antimalware companies are positioning themselves to respond to such threats.

It's only a matter of time.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion
  • That's why

    That's why developments like the Trusted Computing Group (www.trustedcomputinggroup.org) are critical. Even if someone devoted the time and resources to crack the hardware (TPM) of one PC, they would only compromise that one PC.
    ordaj9
    • Or there's this perspective

      http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
      Omch'Ar
  • This is an abomination.

    This is scary. Everybody panic. 'nuff said.
    jsaltz
  • Flash ROM viruses 2.0?

    I remember when a similar problem arose with Flash ROM. The potential of a virus was there, but nothing widespread was ever reported. Just that FUD was enough to pretty much delete Flash ROM from the tech world.

    Now comes word that hackers are looking to use hardware holes as their exploits. This could very well kill computers as we know it.
    Mr. Roboto
  • Hardware Flaw in X86 inspired Open Source

    Halting falts to X86 hardware is what made Intel a huge Linux Open Source contributor and incouraged the move to multicore.

    We can only blame Microsoft legals who "correctly" identified the liability of hacks as being Intel's. The falts to hardware ould not be stopped even with virtualization.

    So Intel had to strick a bargan for the fix in Microsoft's Operating System products or come up with an alternative for protecting Intel from consumer law suits. The latter was chosen because it is to hard to patch at the machine code level as Microsoft requires.

    Supporting Linux Open Source was part of the strategy. Moving to multi-core, multi-processor was part of the strategy. The rest of the strategy is unclear but clearly a proper decision maker would not have played ball the way Microsoft's legals did, making what use to be a strong team player into a reluctant adversary.

    Now Microsoft shareholders are certain to suffer. Already delays in Vista. Already loss of the phone/computer market which is dominated by dual processors. Already tallent loss to what should have been obvious to Microsoft executives because the hardware changes are simply the implementation of proven mainframe tecnology. The same mainframe technology that Java was designed for.

    And yet Chase gets a 2 million bonus. Argh. The future of Software Design will eliminate design by legals.


    Frank L. Mighetto CCP
    mighetto
  • Hardware Faults encouraged Intel Open Source

    Halting faults to X86 hardware is what made Intel a huge Linux Open Source contributor and encouraged the move to multi core.

    We can only blame Microsoft legals who "correctly" identified the liability of hacks as being Intel's. The faults to hardware would not be stopped even with virtualization.

    So Intel had to strike a bargain for the fix in Microsoft's Operating System products or come up with an alternative for protecting Intel from consumer law suits. The latter was chosen because it is to hard to patch at the machine code level as Microsoft requires.

    Supporting Linux Open Source was part of the strategy. Moving to multi-core, multi-processor was part of the strategy. The rest of the strategy is unclear but clearly a proper decision maker would not have played ball the way Microsoft's legals did, making what use to be a strong team player into a reluctant adversary.

    Now Microsoft shareholders are certain to suffer. Already delays in Vista. Already loss of the phone/computer market which is dominated by dual processors. Already talent loss to what should have been obvious to Microsoft executives because the hardware changes are simply the implementation of proven mainframe technology. The same mainframe technology that Java was designed for.

    And yet Chase gets a 2 million bonus. Argh. The future of Software Design will eliminate design by legals.
    mighetto
  • Contradiction in your post...

    " However, after a little more research, it's clear that these viruses are making use of a legitimate operating system feature,"


    NOT THEY ARE NOT, the flaw is in the x86 instruction set, NOT THE OS!!!
    No_Ax_to_Grind
    • This is what Symantec has to say

      Q. Although targeted at the chip level, it seems to only function due to a flaw in the execution process in the operating system, particularly as only Windows is listed as affected. Might it also potentially be seen on other operating systems, for example, Linux, or even Mac OS considering its move to an Intel platform?

      A. It's an operating-system feature that is being used as designed, but in a slightly unusual way. The feature is specific to the Windows operating system and exists as a performance enhancement. So, while it is possible that something similar exists in other operating systems, the method that the virus uses is not directly applicable.

      http://www.symantec.com/enterprise/security_response/weblog/2006/08/virus_qa_w3264bounds.html
      Adrian Kingsley-Hughes
  • Who said windows was hard to crack

    Laughable at best. Do you honestly expect a headline like that to gain you any journalistic awards. You have to start with a statment that bears some truth. The only point is windows going to be good enough to bother cracking. Because for free Linux is getting far superior to windows.
    IceTheNet9
    • It is true ...

      Vista is harder to crack than previous versions. No doubt. Try to run much of the common malware on the OS and it laughs at it (and blocks execution). Fact.
      Adrian Kingsley-Hughes
  • First, we ...

    You still have to get the target to execute your code. That in itself requires a security flaw in the target [i]software[/i], after which any hardware failures are just icing on the cake.
    Yagotta B. Kidding
    • True

      And when you use Vista, that's what you realize - there's more steps involved in running untrusted apps.
      Adrian Kingsley-Hughes
  • Hardware Flaw?

    The real issue is still with the software not the hardware. While the virus/trojan may use the hardware to get into the machine it still infects the software and that is exploiting a software flaw. So the issue is still the OS.<br><a href="http://www.ingsoft.net">HOIATL</br></a>
    hoiatl
    • Best reply. Totally agree.

      Hit the nail right on the head.

      Again let's move to anything but Microsoft. I won't even buy their mouse and keyboard any longer. I just won't support them.

      Microsoft has had long enough and have been paid more than enough to secure their software. I for one am tired of them wanting more and more money on a product that is obsolete.

      Microsoft now even promotes this with forced upgrades. They give you a product that that barely works (being kind) and then tell you that the other OS's cost more to run when they are fine modern OS's.

      Who really needs Microsoft for the long term. The short term transition maybe. But in the next few years the world needs to move forward without them.
      slim-01