Implementing and Detecting a PCI Rootkit

by Vitaly Popovich [Published on 20 Nov. 2006 / Last Updated on 20 Nov. 2006]


John Heasman, a researcher from NGSSoftware, wrote an interesting article about PCI rootkits, i.e. rootkits existing in the firmware of PCI cards. The article describes how this type of exploit can enter the system, what can be done by the rootkit. John Heasman also describes various preventative measures that can help against these rootkits. It is interesting to note that the researcher found a couple of such proof-of-concept exploits. However, the author thinks that PCI rootkits are unlikely to become popular since there are so many other forms of exploits which are much more widespread.
Personally I think that PCI rootkits may become popular with Windows Vista release. It is known that Vista has a number of protective measures against viruses and malware. Meanwhile, I don't think that Vista has protection from an application trying to flash firmware if it is run with admin privileges. This would make PCI rootkits more attractive for hackers. On the other hand, PCI rootkits would become obsolete with the development of TPM.
You can download and read the whole article from here:
Implementing and Detecting a PCI Rootkit


Technorati : bios, flash, hardware, security, windows Del.icio.us : bios, flash, hardware, security, windows Ice Rocket : bios, flash, hardware, security, windows

John Heasman, a researcher from NGSSoftware, wrote an interesting article about PCI rootkits, i.e. rootkits existing in the firmware of PCI cards. The article describes how this type of exploit can enter the system, what can be done by the rootkit. John Heasman also describes various preventative measures that can help against these rootkits. It is interesting to note that the researcher found a couple of such proof-of-concept exploits. However, the author thinks that PCI rootkits are unlikely to become popular since there are so many other forms of exploits which are much more widespread.

Personally I think that PCI rootkits may become popular with Windows Vista release. It is known that Vista has a number of protective measures against viruses and malware. Meanwhile, I don't think that Vista has protection from an application trying to flash firmware if it is run with admin privileges. This would make PCI rootkits more attractive for hackers. On the other hand, PCI rootkits would become obsolete with the development of TPM.

You can download and read the whole article from here:

Implementing and Detecting a PCI Rootkit


Technorati : , , , ,
Del.icio.us : , , , ,
Ice Rocket : , , , ,

Add Review or Comment

Featured Links