Hackers Use Network Card Firmware to Deliver Payload

Dennis Faas's picture

Cybercrime is often likened to a never-ending cycle: just when a security company believes they have found a way to combat one malware-installation method, hackers come along and find a new ways to attack a computer. Thus, it should come as little surprise that there is a new hack that attacks network card firmware: software specifically designed to control the network card.

This innovative hacking technique (dubbed the "Jedi Packet Trick") works by sending infectious network packets to the network's firewall, which needs to be running a vulnerable network card. Once an infected packet is received, malicious firmware is silently installed. The malicious update is then leveraged to seek out and attack a second vulnerable networking card, creating a firewall-free tunnel into the network. (Source: idg.no)

Network Firmware Hack Particularly Troubling

This method greatly concerns security officials, since networking cards have direct access to the computer's memory, which exposes the computer to other threats.

The "Jedi Packet Trick" is not the only networking card vulnerability currently making its rounds, however. Two researchers from the French Network and Information Security Agency have proven that bugs can (and most likely do) exist in an obscure remote-management feature in Broadcom's NetXtreme cards. Fortunately, this proof of concept came in the form of a controlled attack performed by researchers.

The controlled attack gave the researchers a "back door" route onto a Linux computer. The virus can be modified to target any operating system. For the NetXtreme attack to work, however, the card must have enabled a remote management feature called Alert Standard Format 2.0.

Firmware Technologies Threaten Corporations

The purpose of raising this awareness is in an effort to entice large companies to put in some serious thought when they develop firmware-based technologies such as Intel's Active Management Technology and Intelligent Platform Management Interface. The problem, according to one of the aforementioned researchers, is that "hardware is using too much embedded software." (Source: yahoo.com)

Long-term changes to hardware would be a step in the right direction, but security officials have a more pressing issue to combat in the interim: controlling the spread of an attack whereby a machine is infected without even noticing that it has been compromised.

Rate this article: 
No votes yet