Hackers look to 'hardware viruses'

Criminal hackers are creating malicious hardware which experts warn will be much more difficult to detect than conventional software-based malware.

A team led by Samuel King, assistant professor at the University of Illinois, Urbana-Champaign, has demonstrated how to gain control of a computer by adding malicious circuits to its processor.

Such circuits are effectively invisible to antivirus and other security software because they interfere with the computer at a deeper level than a software-based virus or even a rootkit.

King's team explained to New Scientist that they used a processor called a field programmable gate array (FPGA), in which logic circuits can be rearranged to create a replica of an existing open source processor called Leon3.

The original processor contains around 1.7 million circuits, but the boffins added about 1,000 malicious circuits not present in Leon3.

The new circuits allowed them to bypass security controls on Leon3 in a similar way to which a virus hands control of a computer to a hacker, but without requiring a flaw in a software application.

When the scientists connected the FPGA to another computer, they were able to steal passwords and install malicious software that allowed the operating system to be controlled remotely.

"Once you have this mechanism in place, you can do whatever you want," King told New Scientist.