undefined | Better HN

0 pointslawnchair_larry12y ago0 comments

Really? Can you name one?

0 comments

Anything that lives outside of userspace.

If one has root and patience - flash BIOS and wait for a coldboot. One can even get an IP stack to pull down new firmware between boots. The user sees a normal post screen and your hypervisor sees normal hardware adapters.

See Jonathan Brossard's 'prior work' slide from his Defcon talk on his work [1] for more details on the state of X86 backdooring.

'Trusted computing' and all that.

[1] http://www.youtube.com/watch?v=yRxDvkKBMTc

https://media.defcon.org/dc-20/presentations/Brossard/DEFCON...

lawnchair_larryOP12y ago

I know how they work, I'm asking GP to name one that he could have used. There isn't actually much "out there" that is undetectable. You'd likely have to write your own, which is highly non-trivial.

trotsky12y ago

Obviously undetectable isn't true, but i'd guess that kbeast is likely to go undetected in all but the most prepared operations. Forensics shouldn't count since you already know you're fucked by then.

ttrreeww12y ago

You get what you paid for.

j / k navigate · click thread line to collapse