Does the 'undetectable' backdoor exist?

flashh4 · Feb 7, 2022

This was sent to me by one of my teachers awhile back, thought you guys might like to read it or maybe not !

For all intents and purposes, hardware such as the video card, RAM, CPU and motherboard can not get infected. It is the software that runs/communicates with the hardware that can be infected. For the most part, hardware can NOT be infected.

It was mentioned that there is a RootKit that can compromise the system BIOS (Basic Input Output System). The BIOS is a set of low-level routines that works as middle-ware that allows any Operating System to communicate and work with the hardware of the motherboard. In the past the best that a malware could do is erase the BIOS or corrupt it. Recently, in China. a RootKit (which is a trojan and not a virus) was found to replace the the factory BIOS with a malicious BIOS. However, this is not easily accomplished as if a mistake is made it would leave the computer incapable of booting into the OS. Until last year, this was mostly a science experiment and nothing capable was seen "in the wild". As of this year we now know it is a possibility but an extremely remote possibility so one can generally discount that as a possibility.

There are basically two major classes of malware that one does have to be concerned with; viruses and trojans. The term virus is widely misused. most think all malware are viruses. Not true. The overarching concept of malicious software is "malware" for Malicious Software. All viruses are malware but not all malware are viruses. Viruses are a class of malware that is able to "self replicate" or spread on its own means and without intervention. Trojans are malware that needs assistance to be spread. The vast majority of malware seen Today are trojans.

Haydon · Feb 7, 2022

flashh4 said:
This was sent to me by one of my teachers awhile back, thought you guys might like to read it or maybe not !

For all intents and purposes, hardware such as the video card, RAM, CPU and motherboard can not get infected. It is the software that runs/communicates with the hardware that can be infected. For the most part, hardware can NOT be infected.

It was mentioned that there is a RootKit that can compromise the system BIOS (Basic Input Output System). The BIOS is a set of low-level routines that works as middle-ware that allows any Operating System to communicate and work with the hardware of the motherboard. In the past the best that a malware could do is erase the BIOS or corrupt it. Recently, in China. a RootKit (which is a trojan and not a virus) was found to replace the the factory BIOS with a malicious BIOS. However, this is not easily accomplished as if a mistake is made it would leave the computer incapable of booting into the OS. Until last year, this was mostly a science experiment and nothing capable was seen "in the wild". As of this year we now know it is a possibility but an extremely remote possibility so one can generally discount that as a possibility.

There are basically two major classes of malware that one does have to be concerned with; viruses and trojans. The term virus is widely misused. most think all malware are viruses. Not true. The overarching concept of malicious software is "malware" for Malicious Software. All viruses are malware but not all malware are viruses. Viruses are a class of malware that is able to "self replicate" or spread on its own means and without intervention. Trojans are malware that needs assistance to be spread. The vast majority of malware seen Today are trojans.

The sane voice in the jungle

How about remote code execution for creating a backdoor?

Brian60077 · Mar 14, 2022

A friend of mine gave me a book I started reading called the 5th domain that is about cybersecurity. The authors who wrote it were with the cybersecurity part of the government at one point, and although I have only read the first 2 chapters since I just got the book from him yesterday it has mentioned the wannacry issue along with another think it was called petya or something similar.... It is scary to think what the NSA and other government agencies can do if they want to. I recommend getting it and reading it, and have a feeling it will make people think about their own cybersecurity protocols.

jimbo45 · Mar 14, 2022

[

Hi folks and @Haydon

Pretty well any computer OS (or app) on the planet has some type of backdoor that's "exploitable" by people in the know. I remember an early one on IBM's mainframe MVS/SP system back in the 1970's.

You could in those days as an IBM mainframe "System Programmer" -- probably called I.T admin these days do what they called a "Nucleus System Generation" - i.e a customised kernel generation. This allowed the addition of "User defined SVC" calls i.e "Supervisor calls" which simply in an application program the code was simply to call SVC xxx or in the Assembler language of those days simply SVC xxx. So one created simply an SVC 255 with one line code in it -- BR 0 which had the effect of branching to the address in reg 0 in supervisor mode. You could then change the application program state to Supervisor mode via set LPSW or similar -- set program status word -- I think -- long time ago -- it was bit 15 again I think that needed to be set to 1 to give supervisor or privileged state. (PSW - Program status word) was always in a fixed area of the IBM OS. I think it was actually a hardware register so not dependent on knowing what the computer model was or the release level of the OS -- and then you are done !!!.

Maybe some old time IBM sysprogs could update / correct !! . Module was linked into the Nucleus as IGC255.

What you'd do for old time BAL programmers would be to set save areas standard in IBM's BAL (R13,R14 and R15) , load current address of your application program into R0 (LA R0 =DC V(pgrog addr label) , BR 0 which then do your thing to change the PSW status to "privileged mode" and BR 14 to exit and return to your application code in "Supervisor mode". My BAL knowlege is a bit rusty but you should get the idea !!.

"Seemples if you knew how back then". Now there's more security e.g ACF2 / RACF etc but even now there's always back door hooks into any complex piece of software. The trick is in being able to switch from application state to Privileged" and there's probably zillions of "undocumented" hooks into BIOS etc.

OK you really couldn't do that from outside but when a company has a zillion employees world wide is it really feasble to keep tabs on all of them. In any organisation --especially large ones there's always a few.disgruntled employees.

However these days the aim is making money so individuals unless they are Russian Oligarchs aren't really people of interest - hacking a country's or even a big business's infrastructure is a far more "tasty" target.

There's a huge amount of unnecessary paranoia over security these days -- I had to go through that wretched "Text phone code" authentication TWICE this morning -- just to pay a credit card issued by the SAME Bank as my current account -- for an amount of 75 EUR !!!! Unnecessary B/S in my view - especially if it's from the BANK'S own accounts. I don't blame the Banks for once !! this B/S has been totally introduced at least across the EU and EEA and I think in the UK as well by Govt people totally failing to have any serious I.T knowlege what so ever --too many people in the Civil service of a lot of countries who have ist class honours degrees from Universities in Latin / Greek Poetry from Ovid etc but wouldn't know a computer mouse from a real furry rodent.

Cheers
jimbo

Haydon · Mar 14, 2022

jimbo45 said:
However these days the aim is making money so individuals unless they are Russian Oligarchs aren't really people of interest

How about ex-husband/ex-wife/ex-boyfriend/ex-girlfriend in combination with an employee of an email hosting company looking for an extra buck?

Ghot · Mar 14, 2022

♫ K-k-k-Katie, K-k-k-Katie
You're the only girl I'll ever ador-or-ore.
When the moon shines over the cow shed,
I'll be waiting by the b-b-b-backdo-or-or. ♫

In the original song... it ended in... k-k-k-kitchen do-or-or.

Well... I was close...

Haydon · Mar 14, 2022

The Internet kitchen has billions of backdoors.

jimbo45 · Mar 15, 2022

Haydon said:
The Internet kitchen has billions of backdoors.

Try this kitchen !!!!

Brilliant movie (although a bit of bad lang at the start which makes Gordon Ramsey sound like Madame Theresa !!).

Boiling Point (2021) ⭐ 7.5 | Drama, Thriller

1h 32m | R

www.imdb.com

Cheers
jimbo

johnlgalt · Mar 15, 2022

barman58 said:
The main question to answer here is how likely is some criminal (or other neerdowell), likely to spend the time to target you. These days unless you are a government, Financial institution, or major business, you are more at risk from something that you do. The point of serious attacks is to steal money, either directly or indirectly, (steal data or other information that is worth money to someone that will pay to keep it quiet or returned)

The private individual is unlikely to have access to anything that would make it worth the effort and time it would take to set-up such an attack.

They may try to gain a dollar or two from several million users by a scam, but the whole technique used for this is open to the target who is fooled into willingly give money or information that is worth money

While I (for the most part) agree with this, I do disagree with the one statement in the middle there, as there is one thing to consider here.

The average person is usually an employee for a company or corporation. And the average person is usually less cognizant of security concepts, and does not take as much time protecting their own computer and device security.

If a person works for a corporation that a malicious actor / a group of malicious actors is interested in breaching, then they can quickly and easily become a target for said actor / group to gain access to their system(s), in an attempt to ferret out information that can be used to accomplish their true goal - breaching the company. As there are many different techniques and tactics used, including things like social engineering, it becomes more clear that, while this "you probably won't be targeted' argument may be true, in the sense that the malicious actors may not be (directly) interested in your own money, and financial accounts directly, it's absolutely the wrong approach to take when considering personal digital security. The more information the malicious actors have collated to attempt a breach of corporate systems, the better position they are in to start penetrating through layers of security.

IMO, regardless of if you work for a multi-national corporation, a large company, or even as SMB, and *especially* in today's high instances of WFH situations, now, more than ever, the need for personal digital security is higher than ever. Thinking that "Well, I don't really have anything that they'd want" is fallacious thinking - if nothing else, you may have a friend in your contact list that works for the company they want to target, or regularly converse with someone on an internet forum, like this one, with someone who has ties to the targeted corp. Fishing out that information discretely is their best plan of action.

Plus, if nothing else, once a personal device is hacked, it can also be thrown into the collective we call a botnet. These botnets are almost crucial in the modern age for a variety of purposes that the malicious actors / groups want to carry out.

Just because you think you have nothing of interest for them doesn't mean that it is actually true.

wimorrison said:
In the computing world, nothing is absolutely impenetrable, and it is a case of weighing the cost and risk of infiltration against the cost of preventing the infiltration. If the cost or risk is high enough to overcome the cost of prevention, then clearly you would mitigate the potential by implementing the preventative measures.

Unfortunately, many companies (and individuals) consider that this is a one time exercise which it is not, it is an ongoing exercise that needs to be undertaken constantly because every time you close a door to the infiltrator they will look for an alternative door that you haven't locked which means you then need to repeat the exercise - at best you will be one step behind the infiltrators, and highly unlikely to ever be ahread of them - but you can make it difficult.

As to the original question, absolutely, it has been done many times in the past and will be done again in the future - connecting anything to anything always introduces a risk, you need to evaluate that risk and make a decision based upon the value and costs - or disconnect completely from the internet, and never reconnect

This, 100%. Back when Calendar of Updates was still in its early stages, we had a lot of discussions about computer security, and that was a point that I and others made, repeatedly.

If it is digital, it can be hacked.

New methods are discovered , developed every single day. Old methods are revamped to work in new ways. Things that were thought to be secure were found to be not so secure. As technology continues its accelerated development track, so, too, do the exploits that are found, discovered, or adapted. There is no "Set it and forget it!" when it comes to digital security - and there never will be, as long as you keep in mind the above quotation.

Haydon said:
I would presume that a Government agency would procure 'clean' computers without backdoors. I wonder if a private citizen like me could get such a 'clean' computer.

That is a very dangerous presumption. Here is why.

We live the digital age. everything has gone digital, or the vast majority of things, anyway, and thus those troves and troves of data have to be protected. Kept safe. At the same time, governments have to play their little spy games and see what every one else is doing, especially countries that they are not overtly friendly with. We spy, They spy. Everyone spies. There is no clean computer - unless you build a computer that 1) is completely, utterly 100% standalone - never plug in a jump drive to it, never bring in data from an outside source, never connect it to an outside resource of any type (that includes Internet and network access) _ and even then it is susceptible to a physical-access based attack. Because it is digital. And if it is digital, it can be hacked. It's a lot harder to on such a system, because you need physical access to actually hack it - but it is still theoretically possible.

Our (I'm US based) government has rules upon rules upon rules on what is and isn't allowed on a device, depending upon the access level you are afforded within the government. We also have dedicated cybersecurity professionals employed to prevent government systems from being penetrated / breached. But we also have dedicated government officials and employees whose job is to breach other nations' systems. As do most nations on the planet. Our intelligence services have a broad range of tactics used to gather information on a variety of nations, groups, and individuals both domestically and abroad. Every piece of information, every data packet, is analyzed by cybersecurity agencies. Because information is the new must have resource. It's not gold, money, digital currency, etc. - it's about information. Corps want it, governments want it, and even if you are a stay at home parent to young children - someone, somewhere, wants to know that information, for whatever reason.

flashh4 said:
This was sent to me by one of my teachers awhile back, thought you guys might like to read it or maybe not !

For all intents and purposes, hardware such as the video card, RAM, CPU and motherboard can not get infected. It is the software that runs/communicates with the hardware that can be infected. For the most part, hardware can NOT be infected.

It was mentioned that there is a RootKit that can compromise the system BIOS (Basic Input Output System). The BIOS is a set of low-level routines that works as middle-ware that allows any Operating System to communicate and work with the hardware of the motherboard. In the past the best that a malware could do is erase the BIOS or corrupt it. Recently, in China. a RootKit (which is a trojan and not a virus) was found to replace the the factory BIOS with a malicious BIOS. However, this is not easily accomplished as if a mistake is made it would leave the computer incapable of booting into the OS. Until last year, this was mostly a science experiment and nothing capable was seen "in the wild". As of this year we now know it is a possibility but an extremely remote possibility so one can generally discount that as a possibility.

There are basically two major classes of malware that one does have to be concerned with; viruses and trojans. The term virus is widely misused. most think all malware are viruses. Not true. The overarching concept of malicious software is "malware" for Malicious Software. All viruses are malware but not all malware are viruses. Viruses are a class of malware that is able to "self replicate" or spread on its own means and without intervention. Trojans are malware that needs assistance to be spread. The vast majority of malware seen Today are trojans.

The original concept of a Trojan actually comes from the Trojan Horse story from Greek mythology, in which the Greeks, in order to enter the fortified city of Troy, presented the Trojans with a very large wooden horse - that was hollow inside, and full of Greek soldiers. At night those soldiers existed the horse and took over the city, claiming eventual victory in the war.

The concept in terms of digital malware is similar in scope. The idea is to try to trick someone into obtaining / opening the file so the contents can then be used for nefarious purposes, including but not limited to, more Trojans, viruses, and other forms of malware, similar to how the Greeks tricked the Trojan people to accept the false gift that came bearing soldiers to infiltrate from the inside.

As to what your teacher wrote, well, it's quasi-correct. It's true that hardware in and of itself cannot actively do anything - all processors and such need to be fed instructions in order to perform a duty. But, the majority of processors have attached code, in the form of firmware, that can sometimes be accessed, and even modified (not all firmware is user upgradeable), and those that can be modified can also be modified maliciously, for nefarious purposes. So, in fact, if the firmware is upgradeable, and can be modified to perform nefarious tasks, then, yes, it's splitting hairs, but technically that can be considered as being hacked, and in some circles would full well be considered as the hardware was hacked - after all, if the hardware was developed in such a way that the firmware could never be upgraded in the first place, or at least cannot be upgraded without destroying the actual hardware, then the firmware would have gotten hacked, and thus the hardware would still be able to function normally.

Again, yes, it is splitting hairs - but the vast majority of digital processors that we use have associated firmware. Because they have to - that is how they function.

In order to answer the OP, I will add this bit of humor (though it's also serious): If it is undetectable, then how would we know that it exists?

Brian60077 · Mar 15, 2022

according to this book i am reading, a lot of the malware comes from various government agencies, including our own government in the USA.

cereberus · Mar 15, 2022

Well,

Brian60077 said:
according to this book i am reading, a lot of the malware comes from various government agencies, including our own government in the USA.

Never trust books - far better to trust random posts from some anonymous dude on the net as he will have a beard and no personal life and hence must be true LOL.