HackerTrans
TopNewTrendsCommentsPastAskShowJobs

newsDerp

no profile record

comments

newsDerp
·8 năm trước·discuss
Figure it's custom silicon, given the nature of the story, and "magic" in the sense of "magic number programming" to time the attack.

https://en.wikipedia.org/wiki/Magic_number_%28programming%29

For example, looking for ELF or Portable Executable headers, as a crude estimate to determine attack opportunities. In this case, the magic numbers would probably be more selective and sophisticated, but still have an aspect of hard-coded values, since we're talking custom silicon.
newsDerp
·8 năm trước·discuss


  5. When a server was installed and 
     switched on, the microchip altered 
     the operating system’s core so it 
     could accept modifications. The chip 
     could also contact computers controlled 
     by the attackers in search of further 
     instructions and code.
So, in typical vulnerability/payload/exploit fashion, the board's bus is vulnerable by default, because the chip pierces all the usual lines of defense protecting against network and operator I/O. It carries a payload intended to target very common features used everywhere commodity servers are used, one that likely listens for DMA traffic on the bus, and alters the signal stream, by escaping upon the occurrence of a magic sequence, and inserting its own signal, before resuming the authentic stream in flight.

The payload could be pretty small, since the server boards are likely using OS packages that match the chipset. This limits the software to a small set of well known targets, Linux, Windows, Apple. Target their kernels, and you only have to snip out a small chunk of bytes, and splice your own pre-defined package in. Splice in a miniature runtime, that operates a turing complete set of operations, and open up a listener that waits for network access, and now, your payload can enable arbitrary code execution, irrespective of permissions.

Now, to exploit, the payload needs to time the opportunity to splice itself onto the disk correctly. If certain well-known chunks of code will always exist in each given operating system, then with every disk access event one just needs to wait for the inevitable moment those magic system-specific bytes travel over the bus, in order to replace the known bytes with the poisoned modification. Events might target when the bytes are originally installed with the OS, or every time the OS reads those known bytes back into live memory, from any source.

The total payload package could probably fit inside a couple of megabytes, pack on a few more for the "listen & splice" part of the attack to round out the entire mass, and all we know how much data an SD card can fit into say... five grains of rice?
newsDerp
·8 năm trước·discuss


  Can anyone here think of [...] 
  how [...] this experiment 
  could [be] squeezed into 
  a form [...] as the next 
  big [...] thing?
This is definitely firmly in the "Internet of Things" genre of niche interests. Remote power monitoring and other system diagnostics for systems designed to account for expected faults, and manage their own capacity to operate, for sure are useful for internet managed consumer appliances.

Right now we only think in terms of wi-fi routers and phones, but when 4 out of 5 useless gadgets (oh boy! internet-enabled shampoo bottles that also can advertise hair gel! yaayy!) have a battery and 5G internet, an RSS/JSON/XML feed of their status will be abundantly relevant.

To... someone. Probably not me, but I'm sure someone will want this.
newsDerp
·8 năm trước·discuss
Yeah, as a random viewer, I really only need to know that the power is running out when the last bit of charge is nearly used up, at like 5% maybe.

I have no concept of whether even 10% means another hour or another year, and since it's load dependent, neither do they. If the power is at 75%, what do I care?

It really belongs on a status page, and as a banner, pinned to the top of the page. If anything, it motivates random people to slam the page with more hits, just so they can watch the meter move.

That was my second impression, once I realized what it was. I wanted to watch for a chnage. My first impression was that the styles were defective, it was a scripting error (until I read that extra fluff was eschewed) or whatever, but I just wanted to find a way to make it get out of the way, so I could read without the distraction, so I started looking for "dismiss" icons, to close a broken pop-up.

Then I noticed the Sun icon and the percentage, and realized it was a meter.