Rakshasa: Undetectable and Incurable Malware


Rakshasa comes from a mythological Hindu and Buddhist demon

Viruses and malware seem to infect computers and mobile devices with greater ease as of late, and are increasingly more destructive. Malicious software can be rigged to destroy physical military interests and can be installed through software updates or the tried and true method of latching on to media drives and discs. Preventing, detecting and removing malware is already time consuming and financially costly; however, Jonathan Brossard plans to present a paper at this year’s Black Hat security conference in Las Vegas on the “Rakshasa” malware strain he has concocted, which is nearly impossible to disinfect.

In theory, Rakshasa would infect a computer’s BIOS, the part of the computer that boots the operating system and vital system components. Rakshasa takes advantage of the ability of peripherals (e.g., network cards, disc drives, sound cards) to write directly to the computer’s RAM. Rakshasa infects these components, so even if you succeeded in disinfecting the BIOS, it would keep being reinfected by other parts of your computer. Brossard states this is not a new vulnerability and that this architectural weakness has existed for 30 years.

To disinfect the computer fully, “you would need to flash all the devices simultaneously,” says Brossard. He goes on to state it may be easier and cheaper to replace the computer.

When asked about the potential ramifications of Rakshasa, a spokesperson for Intel states that Brossard’s paper is “largely theoretical,” dismissing any immediate threat to computers at this time. In fact, the Intel spokesperson goes on to state, the latest generation of Intel processors is largely protected against this manipulation, since it requires that changes to the BIOS be made with a cryptographic code. In order to deliver this malware, an attacker would already have to have taken over the system even before the bootkit could be delivered.

Brossard admits that Rakshasa does indeed need prior control of the computer before inflicting its fury, but finds this is feasible if a manufacturer obtains and installs an infected piece of hardware somewhere in the manufacturing process.

What do you think about this potential vulnerability?

[Source: Forbes, Black Hat Presentation (PDF)]

Roy Choi

Roy Choi is a Southern California native. He has been infatuated with technology reviews ever since he bought his first crummy laptop in the summer...