Network card rootkit offers extra stealth

Discussion in 'other security issues & news' started by lotuseclat79, Nov 24, 2010.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
  2. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    quite interesting what is possible these days. but this would either require a break and enter or something (like stuxnet) to drop the firmware and flash the card. and there is no mentioning whether the exploit is limited to Broadcom Ethernet NetExtreme PCI Ethernet cards.

    that all seems likely for an espionage scenario.

    on the other hand of course those cards could be delivered to the end user already containing such backdoor, and who knows if it is not already. as it sounds it would be extremely hard to track and trace
     
  3. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    What I don't understand is why device manufacturers are not frantically redesigning all flashable components?
    Most of this could be avoided by requiring a switch or jumper change to enable flashing. Best would be a momentary switch that enables flashing for some short period of time.
    After that, there should be a way do a checksum test on the firmware to verify the version.
    Manufacturers don't like firmware to be readable but if it's not you can't verify security.
    Now if the firmware contains a rootkit direct from the factory...
     
    Last edited: Nov 28, 2010
Loading...
Thread Status:
Not open for further replies.