Hackers have hit on a new way to break into computers: by attacking the firmware used in networking cards. Independent security researcher Arrigo Triulzi is set to unveil one such attack on Friday at the CanSecWest security conference. He calls his technique the Jedi Packet Trick. It essentially installs a clandestine virtual private network inside a firewall by hacking the firmware of the victim’s networking cards.
Using a little-known remote factory diagnostic mechanism used by certain Broadcom cards, Triulzi has developed a way of installing customized firmware that instructs the card to directly pass packets to another card without telling the operating system. “You trick the operating system into believing that packets going between two different network cards don’t exist,” he said.
- Is this for real? Yes, this is for real.
- Is this a seriosu threat? Yes, this is a serious threat.
- Is there Proof of Concept code for this threat? Yes, there is PoC.
- What about patches and vendor confirmation? http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471