Академический Документы
Профессиональный Документы
Культура Документы
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Goodbye World!
S t u x n e t a n d C y b e r W a r f a r e a r e e x p l o i t i n g t h e ( i t s complicated) relationship between Software and Hardware to cause damage and sabotage!
To d a y i t s a c o u n t r y t h a t s e e k s t o d e s t r o y a n o t h e r n a t i o n a n d t o m o r r o w i t s a c o m m e r c i a l c o m p a n y t h at seeks to ma ke a r iva l co mp a ny go o u t o f b u si n es s . A n a c t o f I n d u st r i a l Cy b er Wa r fa re .
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Te r r o r i s m
Political/ So cial Agenda
Revenge
Blackmailing
Greed, Power and etc.
All rights reserved to Security Art Ltd. 2002 - 2011
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Local Attacks
Does anyone smell smoke?
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Computer Fans
Not a target, per se.
Disablin g or slowing down the fan RPM speed can result in increased temperature Lengthy exposure to high temperature (due to lack of cooling) can lead to Electromigration that in turn will cause a Perman ent Denial -o f-Ser vice
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
CPU
Overheating Overheating Overheating Overheating Bricking due due to Stressing due to Overclocking due to Overvolting d u e to ( a l way s o n ) P 0 @ A P M /AC A P I to Phlashing (via Microcode Flashing)
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
RAM
Overheating due to Overclocking Overheating due to Overvolting Burnout due to Overvolting
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
CD-ROM/DVD-ROM
Wea r i n g o u t d u e to O ver u si n g t h e d r i ve t ray Bricking due to Phlashing
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Memory Wear
Flash memory has a finite number of program -era se c y c l e s ( a k a . P/ E c y c l e s ) . Most commercially available Flash products are g u a r a n t e e d t o w i t h s t a n d a r o u n d 1 0 0 , 0 0 0 P/ E c y c l e s , before the wear begins to deterio rate the integri ty of the storage Popular products that are based on, or using Flash memory : USB Disk On Keys, Solid -state Drives, Thin Client s and Routers and more.
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
dd if=/dev/urandom of=/dev/xxx
Description: Infinite loop that excessively writes pseudo-random to a flash memory
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
CRT Monitor:
There are problems at scan rates which exceed the monitor's specifications (low or high). Some monitors can blow if given a too low scan rate or an absent or corrupted signal input.
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Floppy Drive:
Wea r i n g o u t d u e to E xc es si v e H ea d Ro tat i o n On some floppy drives there are no validity checking on sector / t ra ck values, and so the floppy head might get hit repetit i vely against the stopper (See: NYB Virus)
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Summary
Computer Fans CPU GPU RAM Hard Drives BIOS CD-ROM/DVD-ROM External Storage (e.g. Disk On Key) Network Cards CRT Monitor (Legacy) Floppy Drive (Legacy) Non-x86 Chip
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Remote Attacks
The long arm of the Permanent Denial-of-Service
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Open Questions
How this affect s Cloud and Virtual ized System ?
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com
Countermeasures?
Hardware: Over-clocking Protection Over-voltage Protection Over-te mperature Protection Software: Digitally signed Firmware Binaries & Updates
I t z i k K o t l e r | M a y 2 0 11
www.security-art.com