Was told malicious code can be written to Processor.

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#1 Post by 8-bit »

I was having a conversation with a Geek Squad guy in a Best Buy store and was telling him I could run Linux from a computer with no hard drive and that I had run Linux for 5+ years with no virus detection software and had never caught anything.
I said that with everything in ram, that malicious software had no place to go on shutdown.
He stated that malicious code could be written to the processor and passed on from it.
I think he was feeding me a line and seeing if I would bite.
What do you think?
Is it possible for malicious code to be written to the processor cache and be able to infect a storage device on reboot?

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#2 Post by Lobster »

Oh - my 'paranoia for beginners' compatriots will be delighted with this possibility to sweat over.

BIOS can be written to and onboard CPU cache probably still lasts about 30 seconds without power - maybe it can survive longer on the trickle charge of modern ATX power supplies?

I have never heard of such endeavours, though I believe there were efforts (perhaps successful) of some security agencies to tamper with BIOS code, to keep themselves in the loop.

If this was a likely scenario, some company would write the proof of concept and then protect from the threat they had created. Does Best Buy have a product that protects against this processor writing code?

No?
When will it be available?

Come to that when will the CPU writing code be available on the Black Hat circuit?
Tin Hats need to know.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#3 Post by jamesbond »

As Lobster said. Theoretically, possible.

BIOS (both system BIOS and PCI BIOS) can be re-flashed.
CPU microcode can be updated.

Probabilistically? I wager it's very small, only because the cost/benefit ratio is very high.
Fatdog64 forum links: Latest version (http://murga-linux.com/puppy/viewtopic.php?t=117546) | Contributed packages (https://cutt.ly/ke8sn5H) | ISO builder (https://cutt.ly/se8scrb)
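
A defender's check related to the microcode point raised in post #3, as an added example that is not part of the thread: on x86 Linux, /proc/cpuinfo reports the microcode revision each logical CPU is running, so the loaded revision can be compared across cores and against the vendor's current release. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. Field names follow x86 Linux /proc/cpuinfo; the sample is constructed.

# Print "<revision> <count>" for each distinct microcode revision in FILE.
microcode_summary() {
    awk -F': *' '
        /^microcode[ \t]*:/ { count[$2]++ }
        END { for (rev in count) print rev, count[rev] }
    ' "${1:-/proc/cpuinfo}" | sort
}

# Return 0 if all logical CPUs report one revision, 1 if they differ,
# 2 if the field is missing (non-x86 CPU or a kernel that does not expose it).
microcode_check() {
    summary=$(microcode_summary "$1")
    if [ -z "$summary" ]; then
        echo "no microcode field found"; return 2
    fi
    distinct=$(printf '%s\n' "$summary" | awk 'END { print NR }')
    if [ "$distinct" -eq 1 ]; then
        echo "consistent: $summary"; return 0
    fi
    echo "MISMATCH across logical CPUs:"; printf '%s\n' "$summary"
    return 1
}

# Constructed sample: four logical CPUs, one reporting an older revision.
sample_cpuinfo() {
    for entry in 0:0xf0 1:0xf0 2:0xec 3:0xf0; do
        printf 'processor\t: %s\n' "${entry%%:*}"
        printf 'model name\t: Example CPU (constructed)\n'
        printf 'microcode\t: %s\n\n' "${entry##*:}"
    done
}

tmp=$(mktemp)
sample_cpuinfo > "$tmp"
microcode_check "$tmp" || echo "check returned $?"
rm -f "$tmp"
```

Calling `microcode_check` with no argument reads the live /proc/cpuinfo instead of the sample.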

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#4 Post by cthisbear »

Ex-Geek Squad Agent Tells The Truth!

http://geeks.pirillo.com/forum/topics/e ... -tells-the

Chris.

puppyluvr
Posts: 3470
Joined: Sun 06 Jan 2008, 23:14
Location: Chickasha Oklahoma

#5 Post by puppyluvr »

:D Hello,
Ex-Geek Squad Agent Tells The Truth!
LOL, about what I figured...And not just them. ie BestBuy and Geeksquad, but most of the MS based "Techies" at retail outlets everywhere....
Fear and intimidation reign supreme...
TG for Linux...
Close the Windows, and open your eyes, to a whole new world
I am Lead Dog of the
Puppy Linux Users Group on Facebook
Join us!

Puppy since 2.15CE...

SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA

#6 Post by SirDuncan »

What the Geek Squad guy said was a straight up lie. You cannot write anything to the processor. It has no permanent storage to write to. The CPU cache is basically just very expensive, very limited capacity, very fast RAM. Lobster points out that it could still be read from for a few seconds after power off, but when the CPU boots up it doesn't go looking in the cache thinking that there will be instructions from God on the non-persistent memory. It assumes that that cache is empty. All the bits in the cache are marked as empty. It doesn't matter if it is a 0 or 1 if the CPU has it marked as empty.

The BIOS virii, on the other hand, are a very real danger. They are very hard to detect and purge and they don't depend on the OS. Fortunately, they are very uncommon in the modern era. They saw some popularity during the heyday of the floppy, but all of that architecture specific coding and space constraints (the BIOS isn't very big) made normal virii a more cost/time efficient choice. BIOS virii are also harder to get installed since you basically flash the BIOS to "upgrade" it to the infected version.

In short, no you cannot get your CPU infected any more than you can get your rotary phone infected, and the Geek Squad guy deserves a frying pan upside the head for being a manipulative liar.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

Perkins
Posts: 62
Joined: Sun 25 Sep 2005, 05:45

#7 Post by Perkins »

I am mildly curious about why a Linux user was wasting his time talking to Geek Squad... In my experience they are generally a bunch of high school graduates with a "How to do X on Microsoft Windows" checklist.

postfs1

#8 Post by postfs1 »

To reedit up to date.
Last edited by postfs1 on Sun 27 Mar 2016, 21:54, edited 1 time in total.

Perkins
Posts: 62
Joined: Sun 25 Sep 2005, 05:45

#9 Post by Perkins »

Ah yes. Hardware backdoors always trump software security. ;)

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#10 Post by 8-bit »

Perkins wrote: I am mildly curious about why a Linux user was wasting his time talking to Geek Squad... In my experience they are generally a bunch of high school graduates with a "How to do X on Microsoft Windows" checklist.
Since I am the one who started this topic, I just wanted to show that a lot of misinformation is used to sell a product or service by some.
And those customers that do not know jack about their computers fall for the lies that are used to sell said service.

I personally have Windows Vista on my PC on the factory installed hard drive.
I added another hard drive and boot to it with Easy BCD.
That second drive has Puppy installed on it and to give you an idea of how often I boot to Vista, it always complains that the AVG antivirus needs updating and Windows and other updates need to be done.

So I run Puppy, various versions, on a linux partition on the second drive secure in the fact that I feel more secure with it than I do with Windows.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#11 Post by Aitch »


8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#12 Post by 8-bit »

Aitch,
Just by looking at the contents of the linked viruskiller file after downloading, I can tell it is a game.
I mention this just in case someone else assumed it was a virus protection program.

I still have a batch to exe utility for DOS that converts a DOS batch file to an exe file.
In my early days of Win95, I accidentally erased my Windows directory and had to reinstall Win95 as I was too dumb at the time to figure out how to recover otherwise.
I also learned that reformatting a drive did not erase data.
I could still access the data on the drive with a sector editor.
Also, in my early days with an Atari home computer, in the days of BBSes, I willingly gave control of my PC to a friend that was writing a BBS program that would allow him to take control of a remote PC.

SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA

#13 Post by SirDuncan »

That article doesn't make sense. First it says the processor is hacked by special firmware, then it says that the trick was to alter the logic gates (hardware). The rest of the article seems to indicate that the hack is not an infection but a physically modified chip. That would mean that you cannot "infect" a chip. It means that you must physically replace the processor with one designed to allow the attack. That's like saying if you let me install your lock that I could key it to allow a special master key to allow me to get in.

If you have physical access to install your hacked chip, you could just install a normal virus or steal anything already on the HD. The only way this is a viable problem is if you are a government buying chips from a foreign company (i.e.: US DOD buying chips from China).

At least that's my "it's-too-late-at-night" reading of the article.

puppyluvr
Posts: 3470
Joined: Sun 06 Jan 2008, 23:14
Location: Chickasha Oklahoma

#14 Post by puppyluvr »

:D
"Um, excuse, can I physically alter 1300 of the gates in your processor??
Let me get my microscope.."

However, a third party vendor, like the aforementioned GeekSquad guy, could pull a cpu swap... :twisted:

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#15 Post by jamesbond »

Everything is possible if you're willing to spend enough dough - CPU disassembly anyone? (no, not code disassembly - this is CPU disassembly) http://www.flylogic.net/blog/. Have fun :twisted:

But again, the question is, why bother? It's much easier (and more effective) to send emails containing some cute Kungfu Panda screensaver loaded with virus rather than doing this hardcore hacking stuff ...

Unless the payoff is also very great, of course.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#16 Post by Aitch »

8 bit

10 bonus points and a cookie :D

Even with my magnifying glass I can't even read the writing on the case of a processor, let alone see any microchips.....

Nice, humorous story though......sorts the thinkers from the blind followers....bit like my 'virus killer'

Aitch :)

postfs1

#17 Post by postfs1 »

To reedit up to date.
Last edited by postfs1 on Sun 27 Mar 2016, 21:53, edited 1 time in total.

RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#18 Post by RetroTechGuy »

SirDuncan wrote: What the Geek Squad guy said was a straight up lie. You cannot write anything to the processor. It has no permanent storage to write to. The CPU cache is basically just very expensive, very limited capacity, very fast RAM. Lobster points out that it could still be read from for a few seconds after power off, but when the CPU boots up it doesn't go looking in the cache thinking that there will be instructions from God on the non-persistent memory. It assumes that that cache is empty. All the bits in the cache are marked as empty. It doesn't matter if it is a 0 or 1 if the CPU has it marked as empty.
Actually, it's more likely that the CPU overwrites all of the data in the cache, as part of its P.O.S.T. memory check... So anything stored there would be obliterated.

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#19 Post by PaulBx1 »

CPU microcode can be updated.
Huh?

Unless the computer world has passed me by completely (which is possible), there is no such thing as CPU microcode.

Some ICs are downloadable, in a way that changes their logic gates. A company named Xilinx used to make what we called programmable gate arrays. I even did a Xilinx design ages ago. I'm sure this is commonplace now, but not in a CPU where you need maximum function and speed packed into the smallest possible die. CPUs are always going to be hard-wired. You can't write to a CPU. You probably can't even write directly to CPU cache, which no doubt only has a path from ordinary RAM.

RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#20 Post by RetroTechGuy »

PaulBx1 wrote:
CPU microcode can be updated.
Huh?

Unless the computer world has passed me by completely (which is possible), there is no such thing as CPU microcode.

Some ICs are downloadable, in a way that changes their logic gates. A company named Xilinx used to make what we called programmable gate arrays. I even did a Xilinx design ages ago. I'm sure this is commonplace now, but not in a CPU where you need maximum function and speed packed into the smallest possible die. CPUs are always going to be hard-wired. You can't write to a CPU. You probably can't even write directly to CPU cache, which no doubt only has a path from ordinary RAM.
Unless there are actually "PROM" bits available, and the virus writer has a way to burn in the changes, they aren't going to change anything.

As Paul notes, other than custom (slow) processors, the CPU is going to have no EEPROM bits (and no EPROM bits - for those with access to a UV eraser). And even if there were old-fashioned PROM bits inside, you would need a writer with sufficient current and correct configuration to burn out those wires, in order to change the code.

If you need something to worry about, worry about web page "click-jacking" and downloaded viruses...
