Yes, its true. One word describes how this is possible: firmware. While security companies are spending virtually all of their time focusing on software-based protection, this is something I feel will make a huge impact on computer security within the next year or so; computer performance, identity theft, all could be done through this method with virtually no one having the slightest clue it is occurring (since current security solutions would not be able to detect these). Let’s just hope security firms will be able to quickly respond to this kind of new threat. A big thanks to John Heasman for discussing this issue at the Black Hat Conference.

PC hardware components can provide a way for hackers to sneak malicious code onto a computer, a security researcher warned Wednesday.

Every component in a PC, such as graphics cards, DVD drives and batteries, has some memory space for the software that runs it, called firmware. Miscreants could use this space to hide malicious code that would load the next time the PC boots, John Heasman, research director at NGS Software, said in a presentation at this week’s Black Hat DC event here.

“This is an important area and people should be concerned about this,” Heasman said. “Software security is getting better, yet we run increasingly complicated hardware. Unless we address hardware security, we’re leaving an interesting avenue for attack.”[more]

Tags: Malware