The Hidden Nemesis
- Type
- Audio
- Tags
- backdoor, embedded
- Authors
- Ralf-Philipp Weinmann
- Event
- Chaos Communication Congress 27th (27C3) 2010
- Indexed on
- Mar 27, 2013
- URL
- http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-4174-en-the_hidden_nemesis.mp3
- File name
- 27c3-4174-en-the_hidden_nemesis.mp3
- File size
- 21.4 MB
- MD5
- 3f2cdef6cbcea984e46db6bbc0b9c346
- SHA1
- 5322484e73613e7ab749bfac60a2d88252600362
Want to persistently backdoor a laptop? Backdooring the BIOS is out of the question since your target can dump and diff it? Planting hardware is out of the question as well? Shhhhhhh.. I have something for you: Embedded controllers are present in every modern laptop, yet their security impact has been unresearched thus far. An embedded controller has access to the complete stream of keyboard scan codes, can control fans and the battery charging process. Backdooring the embedded controller is a powerful way to plant a persistent firmware keylogger that works in a cross-platform fashion. Since ECs usually also provide battery and temperature sensor readings through ACPI, there also exists a way to funnel out the keystroke data through a low-privilege process later. Some laptops even allow EC controller firmware updates over the LAN! I will present a PoC backdoor for a widespread series of laptops and show you how to defend yourself against this attack by dumping the EC firmware yourself.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
