LEDs Light The Way To This Backdoor

A curious trend for some years in the world of PC hardware has been that of attaching LEDs to all the constituent parts of a computer. The idea is that somehow a gaming rig that looks badass will somehow be just a little bit faster. As [Graham  Sutherland] discovered when he wanted to extinguish the LEDs on his new Gigabyte graphics card, these LEDs can present an unexpected security hazard.

The key to their insecurity comes in the Gigabyte driver. This is a piece of software that you would normally expect to be an abstraction layer with an interface visible to your user level privilege, and a safe decoupling between that and the considerably more security sensitive hardware layer from which the LED bus can be found. Instead of this, the Gigabyte driver is more of a wrapper that simply exposes the LED bus directly to the user level. It’s intended that user-level code can easily bit-bang WS2812 LEDs without hinderance, but its effect is to provide a gaping hole in the security layers intended to keep malicious code away from the hardware. The cherry on the cake is provided by the discovery of a PIC microcontroller on the bus which can be flashed with new code, providing an attacker with persistent storage unbeknownst to the operating system or CPU.

The entire Twitter thread is very much worth reading wether you are a PC infosec savant or a dilettante, because not only should we all know something about the mechanisms of PC backdoors we should also be aware that sometimes a component as innocuous as an LED can be a source of a security issue.

Thanks [Slurm] for the tip.

Gigabyte motherboard picture: Gani01 [Public domain].



from Hackaday https://ift.tt/2nOh6GN

Comments

Post a Comment

Popular posts from this blog

Fleksy + GIF Keyboard v9.0.0 [Premium] [Latest]

Fleksy is the most fun, customizable way to type, and officially the fastest keyboard in the world. Find and send GIFs & Stickers, and customize your keyboard with powerful extensions & colorful themes.. Use Extensions like: GIFs, Hotkeys, Number Row, Cursor Control, One-Handed Typing, Stickers, Rainbow Key Pops and more. • “This is much better than your standard input methods and predictive text engines.” – TechCrunch • Killer text prediction that works with even the sloppiest of writing – TIME MAGAZINE Really awesome app and best keyboard in whole playstore Please remain like this forever and don’t become like other app which gives so much advertisement and gives so much of trouble so be good like present. It is the The post Fleksy + GIF Keyboard v9.0.0 [Premium] [Latest] appeared first on APK4Free . from APK4Free http://ift.tt/2uy8jbp
Read more

Clipboard Manager : Clipo Pro v8.19-pro [Paid] [Latest]

Clipo creates quick and smart actions for your copied text and shows them as a notification or a intuitive and beautiful list in the app! Features: Cloud Backup and Sync across multiple devices! See all your clips, in a clean and intuitive materially designed list! You can quickly copy an older clip to the Clipboard for using! Search: Get a quick action to search the copied text on the search engine of your choice – Google, Bing, Baidu, AOL, DuckDuckGo! Call: Filters your clips and detects phone numbers to give you a one tap to call experience! Add to Contacts: Filter phone numbers and quickly add to contacts! Open Link: Quickly open a link in your clip! Shorten Link: Quickly The post Clipboard Manager : Clipo Pro v8.19-pro [Paid] [Latest] appeared first on APK4Free . from APK4Free http://ift.tt/2wGr9ht
Read more

VPN 365 – Free Unlimited VPN Proxy & WiFi VPN v1.6.0 [Ad-Free] [Latest]

VPN 365, the best free high-speed WiFi VPN with unlimited proxy connection time. Offers you the freedom to access your favorite content, websites, apps, videos from anywhere and encrypts your internet activities to protect you from hackers. Why use a VPN? To view websites restricted in your region For a more secure internet environment: When connected to a VPN, your IP Address will be hidden when you surf the internet, so no one can track your browsing activities. If you are on a business trip or studying abroad, a VPN is your great tool to use. How to use VPN 365? Tap the Connect button in the app, accept permission request if it shows up, and wait for the connection The post VPN 365 – Free Unlimited VPN Proxy & WiFi VPN v1.6.0 [Ad-Free] [Latest] appeared first on APK4Free . from APK4Free https://ift.tt/2yZWC0o via
Read more