B1 中級 8 分類 收藏
There's been this article recently a report about a hardware hack
I just thought the interesting sort sure about what you think about it and whether it's something that is easy to do or always
possible the original article alleged that
Certain servers being supplied to companies were being
doctored for developers with extra Hardware being added so that they could then be used to
Exfiltrate information from the companies. The report seems to have been discredited quite heavily by
Other parties whether it actually happened or not. I don't know. I'm not seen any of the servers
I'm not a hardware or cyber security expert but it's certainly an interesting question to talk about
Well, what would you be wanting to do? And why would you want to say perhaps do it in?
So, I've got a server motherboard here so it's a standard machine but often servers come with extra support to make them configurable
So this is an Intel Xeon
Processor and this is a for management control when installing lots of servers
You will put them in racks of places in your data center
you've got
Necessary storage cooling and things and one of the things you don't have to do is when something goes wrong
You need to reboot your machine to have to sort of find out where the machine is
Turn it off and on again plug a keyboard and monitor in it to do any sort of maintenance on it
So what modern servers do is they have these chips on there which generally computers in their own?
Right and they enable you to connect to the machine?
Even when it's switched off and do certain things with it, like turn it on turn it off and even interact with it
So I've got a machine at home with all of these things in and if I just bring it up
I'm now connected to it and it's got those things so I can look at the sensors see what the fan speed is
I've got options to turn it off. Turn it up. Turn it back on again reset it
On some of them I can either
reflash the
BIOS or the UEFI in this case and generally managed to the server and to the full extent that I can actually
Bring up effectively a virtual console a virtual keyboard and display
as it's done here where I can interact with the machine so I could
Login put a ISO image of a CD or a DVD in there and install the operating system
Why would you be wanting to do this?
And why would you decide to do it via hardware rather than just getting someone to run some malware?
And so we need to sort of clot back and think about this. So the alleged what's happened, is that the third party?
Needed this decided they wanted to infiltrate
Hackney computers Hackney computers made up an identification with actually be the company's live-in go to see should be
Animals were harmed in making this completely absurd Hackney computers that ordered I say
Several thousand servers and so because when you're building that menu it's going to be a special order
so, you know probably who they're going to and the
The story goes that an extra chip was inserted onto the motherboard of those machines that were destined for
Hackney computers, I fully believe that it's possible to do this
I think there's enough ways. You could connect things and actually what we want you to do
We want you to get our code running inside their
environment now if you think about a traditional
companies where they traditionally lay out
Their data centers and their networks is that you'll have a perimeter firewall around things to stop things getting in
It's a bit like the old fashioned medieval castle right once you're inside the castle wall
you've got a moat around it and the drawbridge of the trough was just pulled up then you can't get in but if you've got
someone inside already
Perhaps is away by a shining light shooting an arrow over the walls that they could communicate
One possibility is that they've added a little bit of extra code
Into the board management control and that ship contains that extra code and then they've got a machine
Very low powered one on the inside of the network
While that forward management control of the BMC is likely to be on a network which is limited in what it can connect to
It's probably likely to be able to connect to other board management controllers on the same network
And of course as we've seen you can connect to the board management controller
You can then log into the machine. So one potential
thing is that they
Use the board management control in the same way that we might put a Raspberry Pi or the cheap computer on the network
And then we can use it as a staging pose to connect to other things these board management controls that can also
Do things like flash the BIOS? And so it's potential that actually this is used as a sort of a
Staging post to actually attack the machine itself
And again, I think you would we have to assume that they didn't actually know what was going to be running here
They could probably hazard a guess at the operating system and unlike the board management controller
That machine probably is likely to be able to connect directly out to the internet perhaps to download software
updates and things so normally when a machine is running you have
different modes a CPU can be executing in you have a
Sort of mode where the machine has access to everything and that's where your operating system works and depending whether you're on
x86 and armor six eight thousand machine it might make me known as
ring zero kernel mode supervisor mode
But at that level you've got full control of the hardware the machine if you can do that you can then stop it being seen
By people using the machines you can hide it sort of rootkit as it tends to be known
but you think I'll probably get it running as
Supervisor mode and there's two ways. You can do it one. You can find some sort of exploit
Some part of the operating system that isn't well written so that you can get it tricky to start running your code
And so that's where you see the sort of exploits
things you find some way of tricking the software to do something that didn't intend to do make use of that to
Take control of the system
The other option is that you just get the code loaded in the place. It's the operating system
So you modify the operating system itself when this machine shipped to hack me computers
Then pack free computers will install that operating system of choice and see what you can't modify that then
But how does that operating system get loaded off? Well that gets loaded off disk by another program called the bootloader and
The bootloader is a program on the disk
which gets loaded by the bios or the UEFI and the bios of the UEFI depending on the machine is on an EEPROM on
The motherboard which can be flashed by the board management controller
And so you can see another potential way that you could hack the machine is that you say, okay
I'll put some hardware on the machine which modifies the board management controller
modify the bios of the ufi to modify the bootloader
after it's been loaded because the voice has the permission to do that at that point to modify the operating system after that's loaded to
Embed the malware
I want to get executed and so it'd be a nightmare to be over because he running software
Which modifies software which modifies software?
Which modifies and I think I've got the right number of levels of indirection there
Actually, there is another way you could potentially trick things there in that
We talk about ring zero being the lowest level but actually when we've added support for virtual machines and hypervisors is now a ring
Minus one as it tends to be referred to and so it's potentially possible that you could actually get a hypervisor
running before
Anything else on the machine and so the machine was running in a virtualized environment that they didn't know about
So that's another potential way of doing it and again you then have access to be able to scrape memory and find
things that were the software you can put it on let it run delete it and
It's as if it was never there type sort of thing with the hardware
You can't really get into the dead center necessarily and take all the chips out that you've put in there
So you probably will make the chips look like they're meant to be there like they're something else or hide them
So the way a modern printed circuit board is constructed is a printed circuit board that Scott several layers of fiberglass sandwiched together
With traces of the tracks of the circuit running through them
So you got the top layer and the bottom layer but often several three or four layers inside as well
These only got six layer PCBs and things
the story goes that actually now the chips are so small that they're embedded between the layers of the printed circuit board so that actually
You wouldn't necessarily notice it. I think you'd want to design your
Hardware exploit still make it look like it was meant to be there
it's only if you had sort of one with it and one without it that you perhaps
Noticed that there was something odd about that machine
Detecting it would be difficult. I mean the stories
They've been sort of suggested are that they're detecting it mainly through odd network access
And so again that suggests what the software is doing it is connecting just other machines that I was not expected to
either inside the company or outside the company and
accessing things in a way that you wouldn't expect you to do and that is probably your sort of best bet for
Detecting these sort of things is all these machines doing what you want them to do
And the best way to do that is to sort of monitor your network and run software
Which is sort of learning what's expected traffic and non expected traffic and liking things because obviously if you've got a huge data center
Thousands of machines in it spotting the needle in the haystack
Is a tricky problem so they may not connect directly to a server and upload it all
But it may well be that they just do a domain name lookup on
Certain domains depending on certain bits of data being there. And so and that's enough to tell people that actually ok
This machine here is just that requested a specific domain that
Doesn't exist
that means that it's found what we asked it to look for and we've just returned a specific IP address perhaps that says go and
Destroy all the machines at Hackney computers or whatever is you wanted to do
Which means that we don't tend to use it very often horse is much further up the list
So a correct and batteries further up the list as well. I mean, we all have phones we talk about batteries all the time. So
If you hypothetically picked for words that were in the top 500 then suddenly the search base is 500 to the power 4


Hardware Hacking - Computerphile

8 分類 收藏
林宜悉 發佈於 2020 年 3 月 28 日
  1. 1. 單字查詢


  2. 2. 單句重複播放


  3. 3. 使用快速鍵


  4. 4. 關閉語言字幕


  5. 5. 內嵌播放器


  6. 6. 展開播放器


  1. 英文聽力測驗


  1. 點擊展開筆記本讓你看的更舒服

  1. UrbanDictionary 俚語字典整合查詢。一般字典查詢不到你滿意的解譯,不妨使用「俚語字典」,或許會讓你有滿意的答案喔