How do we check hardware for viruses...

How do we check hardware for viruses? Is there a guide or procedure for this to be 100% sure any hardware you are dealing with is free from microviruses?

I'm particularly concerned about motherboards since the bios can easily be used for malware and motherboards come in open unsealed boxes. Technically nothing is stopping someone from taking it out of the box, reflashing the bios with a malicious one and then putting it back in the box.

This is a start.
youtube.com/watch?v=KrksBdWcZgQ

Bump

how am i supposed to know what the fuck this nerd is talking about

You're fucked user, most of the hardware people use runs on proprietary piece of shit firmware and there's no way to actually check that it's not doing something malicious unless you want to spend years of your life to reverse engineer them one by one.

Even if you could check for "viruses" (read: everything working as intended) what exactly do you think you can do about them? Do you really think you as an individual can protect against multibillion dollar corporate interests? The national security interests of governments?

Even if you KNEW everything that was going in, it's written into the very infrastructure of everything digital you interact with. The best you can hope for is to secure yourself against as many smaller, less monopolistic interests as you can

There's nothing that can be done about proprietary firmware indeed, I'm only talking about a third party/someone that is not the manufacturer putting stuff on it.

Oh, well in that case there is a lot you can do about it. Some sites you may be interested in are privacytools.io, and the installgentoo wiki pages on security/privacy. I use ungoogled chromium with ublock and the nanodefender scripts, as well as umatrix set to block third party js. Simplewall is a nice thing to have. There are sites dedicated to testing for leaks of your browser, ports, internet fingerprints, etc. that you might want to seek out as well. And probably most importantly, get a vpn.

I appreciate your input and I do most of this stuff already, but this is not what I'm talking about.

I'm talking about how we would check for malware on hardware that has its own firmware and could be used for delivering malware with relative ease, like for example a bios. I use motherboards as an example because they come in unsealed boxes and nothing is stopping anyone that can get their hands on it between its journey from the factory to your house from installing malware on it. A second very likely scenario is second hand tech. Generally we'd say to never use second hand storage devices, but when you take into consideration firmware now you have an even bigger security problem that can't be solved with a simple virus scan.

My question is how do we check firmware/ROMs for malware basically.

Don't buy used hardware off Ali.

It's something similar to spectre and meltdown

If you are too dumb to follow along with a black hat presentation, you are too dumb to actually go to the efforts required to ensure you are 100% virus free.

In his defence this stuff is pretty advanced

Tbh you’re even at risk with non used hardware from Ali, kek

Modern CPUs with IME and PSP are safe, since the Botnet CPU stops viruses.
Other CPUs you reflash firmware.
Motherboards can be reflashed as well, or checked and replaced.

Actually it may not be possible to reflash an infected bios, at least not the normal way.

security.stackexchange.com/questions/44750/malware-that-can-survive-bios-re-flashing

Though some people doubt the validity of this because he also claims that the malware was able to spread to/communicate with other devices through the speaker and microphone on the laptop by encoding messages in audio.

Regardless, it's not a leap to assume that if you try to reflash an infected bios nothing will happen because the flashing operation is performed by the bios itself, which is infected and obviously won't allow itself to be deleted.

Dumping the bios to read it may also be a problem because of this as it too is performed by the bios and it may just dump something else than what is actually on the bios.

drive controllers can have malware too
write a fresh copy of the firmware onto whichever chip is being cleaned
if the CPU's sooper sikret security memory is infected you're fucked, burn the CPU with thermite to exorcise it

>write a fresh copy of the firmware onto whichever chip is being cleaned
But what about
>Regardless, it's not a leap to assume that if you try to reflash an infected bios nothing will happen because the flashing operation is performed by the bios itself, which is infected and obviously won't allow itself to be deleted.
Doesn't only apply to bios btw
>if the CPU's sooper sikret security memory
How would that even happen?

In that case you know it's infected, so it being infected is irrelevant security wise.

First, define what a microvirus is in technical terms using formal logic. Then represent the architecture as a logic program, and simply run the resolution method over your CPU.

No you don't. If it does indeed dump a false image you wouldn't know it's infected

A virus running on firmware. You can forget about that term if you like

That's insufficient, please look up examples of resolution method.
Addendum, while the method has a concise algorithm, it's an NP-hard problem.

TPMs and signed firmware honestly do a pretty good job, but then you can't replace the firmware running on your machine at all

Like I said, if the term confuses you just forget about it. It's a virus running on firmware.

That's defending against attacks, but what about detecting it? Say if I put in front of you a motherboard and told you to check if it's infected, how would you go about doing it (keeping in mind)?

afaik the tpm measures all parts of the boot process, which would include firmware, option roms, the mbr, and so on
you can't really use it to detect if someone just soldered on some shit though

Assuming open source, build from source, flash and compare.
If proprietary, only hope is the integrated security.
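The "flash and compare" step from the post above, as an added example that is not part of the original thread: it compares a read-back dump against the image you built and reports which byte ranges differ. It assumes the build is bit-for-bit reproducible and that the dump was read back faithfully, which later posts in this thread question; the sample images are constructed.

```python
import hashlib

def diff_ranges(reference: bytes, dump: bytes, block: int = 4096):
    """Return merged (start, end) byte ranges where the two images differ."""
    ranges = []
    length = max(len(reference), len(dump))
    for off in range(0, length, block):
        if reference[off:off + block] != dump[off:off + block]:
            end = min(off + block, length)
            if ranges and ranges[-1][1] == off:   # adjacent block: grow the range
                ranges[-1] = (ranges[-1][0], end)
            else:
                ranges.append((off, end))
    return ranges

def compare_images(reference: bytes, dump: bytes) -> dict:
    """Summarise the comparison: whole-image hashes plus the differing ranges."""
    return {
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
        "dump_sha256": hashlib.sha256(dump).hexdigest(),
        "size_match": len(reference) == len(dump),
        "differing_ranges": diff_ranges(reference, dump),
    }

def constructed_sample():
    """Constructed 64 KiB 'built image' and a dump with three altered bytes."""
    reference = bytes(i % 251 for i in range(0x10000))
    dump = bytearray(reference)
    for off in (0x5008, 0x6100, 0xFFFF):
        dump[off] ^= 0xFF
    return reference, bytes(dump)

if __name__ == "__main__":
    ref, dump = constructed_sample()
    report = compare_images(ref, dump)
    print("size match:", report["size_match"])
    for start, end in report["differing_ranges"]:
        print(f"differs: 0x{start:06x}-0x{end:06x}")
```

A range that differs is not proof of tampering on its own, since firmware images can contain areas that are rewritten at runtime (stored settings, for example); it tells you where to look.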

That's not exactly what I want. Without going into detail, what you want is near impossible because you have to formally define what a virus is, model out the CPU perfectly like a logic program, and simply see if any combination of functionalities in the CPU makes the predicate microvirus(functionality(CPU, ...)) true.
In other words,
for_each cpu_state in CPU
    if(microvirus(cpu_state))
        return true;
return false;


This is the best general solution we have, there is no algorithm to say whether a piece of code is a virus because that's NP-hard, as is the code above. Why? Every CPU has a finite number of transistors, therefore a finite number of states. However, states change upon input so your microvirus() predicate must in turn iterate over every single input a CPU can take, which is infinite. Hence the CPU may not halt. Therefore the best solution we have for checking a CPU for viruses is NP-hard as the halting problem is reduced to solving it.

>impossible because you have to formally define what a virus is,
If you have trouble understanding the concept of a virus then this topic is probably beyond your capacity.

So you’re saying that if you tried to boot an MB with a modified bios or MBR the TPM wouldn't allow it to boot or what?

That sentence is so naive given your inability to sit down and write what a virus is in technical terms and formal logic.

i think it'd store a different value in its registers, which you could use as a part of a disk encryption key for example
as far as i'm aware you can't mitm it either, but i'm not sure
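The measured-boot behaviour described in the two TPM posts above, as an added example that is not part of the original thread: a toy model of one SHA-256 PCR and of a secret sealed to its value. `ToyTPM`, `boot` and the boot-stage byte strings are constructed for illustration and are not a real TPM API; a modified stage does not stop the boot, it changes the PCR so the sealed key is not released.

```python
import hashlib
import hmac

class ToyTPM:
    """Minimal model of one SHA-256 PCR plus PCR-bound sealing (not a real TPM API)."""

    def __init__(self):
        self.pcr = bytes(32)     # a PCR starts at all zeros after reset
        self._sealed = None      # (PCR value required, secret)

    def reset(self):
        self.pcr = bytes(32)

    def extend(self, component: bytes):
        # A PCR cannot be set directly, only extended:
        # new = SHA-256(old || SHA-256(component))
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def seal(self, secret: bytes):
        # Bind the secret to the PCR value at sealing time
        self._sealed = (self.pcr, secret)

    def unseal(self) -> bytes:
        required, secret = self._sealed
        if not hmac.compare_digest(required, self.pcr):
            raise PermissionError("PCR mismatch: boot chain differs from sealed state")
        return secret

def boot(tpm: ToyTPM, chain) -> bytes:
    """Reset, measure each boot stage in order, return the final PCR value."""
    tpm.reset()
    for stage in chain:
        tpm.extend(stage)
    return tpm.pcr

# Constructed placeholder boot stages, not real images
GOOD = [b"firmware-image-v1", b"option-rom", b"mbr-bootloader"]
TAMPERED = [b"firmware-image-v1+implant", b"option-rom", b"mbr-bootloader"]

def demo():
    """Seal a key after a good boot, then try to unseal after a tampered boot."""
    tpm = ToyTPM()
    good_pcr = boot(tpm, GOOD)
    tpm.seal(b"disk-encryption-key")
    bad_pcr = boot(tpm, TAMPERED)
    try:
        tpm.unseal()
        released = True
    except PermissionError:
        released = False
    return good_pcr != bad_pcr, released

if __name__ == "__main__":
    print(demo())
```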

If we had to explain every term we use every time we use it we wouldn't be able to discuss anything. If you need every well known term spelled out for you this clearly goes beyond you, you’d be better suited dealing with something simpler and more in line with your capabilities

Different value of what?

If you cannot define what a virus is, then you cannot possibly look for or even find one, end of story. Everything else you are saying is the usual drivel and wishful thinking. I clearly explained that even given a perfect and unambiguous definition of a virus, the best we can do is somewhat optimised brute force. So, the answer is no, you can't do anything about microviruses because you cannot define microvirus or virus in the first place.

I don't need to. I didn't invent the word, it's a well known term with an agreed on definition. If you don't know or understand that, that's your problem. It's your responsibility to do some independent research and have an understanding of the things you talk about before you do. I'm not gonna waste my time teaching you.

You seem to be confused, I'm the one who understands this and you're the naive idiot. If you don't have a rock solid definition of a virus, you cannot possibly look at code and find one. Let's assume my definition of a virus is non-formal and ambiguous, then there exists a code block that will act as a false positive, and a corresponding code block as a false negative (won't be caught).
It's a fool's errand to whine about vulnerabilities and viruses if you have no clue what they are actually when the rubber hits the road.

You don't understand. I have such a rock solid definition you couldn't even comprehend how solid it is, believe me. I'm just not willing to waste time explaining it to someone who wouldn't be capable of understanding.

I read that in donald trump's voice, you're that stupid.

A virus is any piece of malicious code, whether the maliciousness is intentional or not.
If you have the source code available this is a relatively easy thing to spot.

>some retard undergrad just took intro to logic and tries to sound smart
What you're proposing is both stupid and impractical


>GLUMP BTFO


>I don't have a rock solid definition of food so I can't possibly find any
Boy it's a miracle my ancestors survived

He is literally asking people to explain the definition of a virus to him. He obviously has a single digit IQ.

So many of your ancestors died to toxic food, humans had to eat meat because it's easier to tell when it's off rather than vegetables that just get mushy. We have trypophobia because the image of maggots crawling out of holes means DO NOT EAT.
So what does malicious mean?

Thank you user, awesome talk.

Too bad you two nitwits had to derail this. Could've been a nice thread.

There was nothing to derail. I can't whine about ugly DE's in linux if I can't name a beautiful DE.

Yes, if I'm trying to sound smart I'll call it a heuristic. I'm glad you realize they exist after claiming that without a rock solid definition of virus you can't find any.

There is a simple definition of malicious, which is any code that grants others unauthorized access or control to your data. If you'd use your common sense instead of a thesaurus of comp sci terms, maybe you'd get through this discussion without making any more stupid reference to NP completeness and consequently not look like a complete tart.

That's not an argument, you're just admitting you have no leg to stand on and your way of finding and proving code maliciousness is rough intuition.

If there is a piece of code that's giving someone else backdoor access or disclosing data there's no two ways about it. You are right in that there is no known way to prove that a system doesn't have any malicious code, but you butting in with your intro to computation 101 textbook is irrelevant to OP's question, which was how to check firmware for viruses.

I gave not one but two ways to check for malicious code, provided OP fills in the blanks for his own malicious() predicate.

bump

Run all network traffic through a sniffer on a separate device. Look at what's coming and going. You should have a good idea of where your traffic is coming and going while in use, so any weirdness should be considered suspect. Malware is useless if it's not collecting some form of data and sending it somewhere. Sure there's prank level shit that just annoys or destroys, but nobody is going to go to the lengths involved in bios tampering to play a joke.

Your suggestion was to model the entire architecture of a CPU to find malware that is not stored on the CPU


bump