Hardware backdoors are lethal for three reasons: a) They can’t be removed by conventional means (antivirus, formatting); b) They can circumvent other types of security (passwords, encrypted filesystems); and c) They can be injected at manufacturing time.
At the Black Hat security conference last week, assembly master and long-time security consultant Jonathan Brossard demonstrated a proof-of-concept hardware backdoor. Called Rakshasa (which are unrighteous spirits in Hindu and Buddhist mythoi), this backdoor is persistent, very hard to detect, portable, and because it’s built using open-source tools (Coreboot, SeaBIOS, and iPXE) it could be used by governments and still grant them plausible deniability.
Security researcher shows off proof-of-concept hardware backdoor
Posted on Thursday, August 02 2012 @ 21:56 CEST by Thomas De Maesschalck
ExtremeTech reports security consultant Jonathan Brossard demonstrated a proof-of-concept hardware backdoor that is very hard to detect, full details over here.