Computerworld - The malicious code enters your network undetected, rapidly infecting more than 100 machines. But this is no ordinary virus. Your antivirus and disk recovery tools can't help, because the disk drives won't spin up at all. The drives are toast. The PCs are completely inoperable.
The era of microcode attacks has begun.
Could viruses really attack the low-level microcode that makes disk drives run? It's entirely possible, disk technology experts say. Dimitri Postrigan knows how such a virus might be created -- but he's not telling. Postrigan reverse-engineers and programs hard disk drives at ActionFront Data Recovery Labs.
He says each disk drive has its own internal operating system that enables the device to start up. The operating system microcode resides in a special system area of the disk. "A virus could be written which would destroy the whole system area on a drive. This will make the drive and data almost unrecoverable," Postrigan says.
That nightmare scenario also bothers Ben Carmitchel, president of ESS Data Recovery. "In the data recovery industry, we've been waiting around for this to happen. We've written programs to restore hard drives. We could easily write a program to destroy [them]," he says. He worries that others with fewer scruples could create a fast-spreading virus that causes massive destruction of data.
The idea of a microcode attack goes beyond hard drives, says Thor Larholm, senior security researcher at PivX Solutions. Microcode is found in other PC components, including graphics cards, the BIOS and the CPU. Both Intel and AMD offer microcode utilities, complete with source code that could be used to physically damage a CPU by severely overclocking it, Larholm says.
So, why haven't such exploits been more common? Fortunately, it's not that easy to do. Viruses thrive on homogeneity. While all PCs may look the same at the Windows level, at the machine level, things can be very different, making a broad attack more difficult to pull off.
Years ago, someone wrote a virus that attempted to overwrite the flash memory area of a PC's BIOS, but its success was limited because there are so many different BIOS implementations, says Sean Barry, remote data recovery manager at Ontrack Data Recovery.
Similarly, the way in which one accesses the service area of a hard disk varies by manufacturer. That means a virus would have to include code for each brand its creator wanted to target. The proprietary tools and codes required also aren't readily available to the layperson. Postrigan says he personally has tried to find such information on the Internet and through
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!