04-05-2007, 11:00 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
ARM and X-Scale Processors Subject To Attack?
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9015618&taxonomyId=17
"A security researcher at Juniper Networks Inc. says he plans to demonstrate a new class of attack that can be used to compromise electronic devices like routers or mobile phones. The vulnerability lies in the Arm and XScale microprocessors, two chips that are widely used in these "embedded" devices. "There are interesting quirks in the ARM and XScale architectures that make things very easy for an attacker," said Juniper's Barnaby Jack. The technique he has developed is "100 percent reliable, and it results in code execution on the device," he said."
The attack has to do with exploiting a testing interface on the chip, not a buffer overflow vulnerability in the operating system or application, which is the case with most attacks today. The testing interface can be turned off, but I am not sure if it requires the OEM to physically do that or if a program can be download to turn it off, thereby closing the security hole. I would think something like this would require at least BIOS level access to enable/disable. Not pretty. Just for the record, ARM is the architecture used by Windows Mobile devices, and has been since 2000. Before that, a variety of chips were used, like SHx and MIPS.
|
| |
|
|
|
04-06-2007, 09:19 AM
|
|
Philosopher
Join Date: Oct 2006
Posts: 554
|
|
Sometimes, I think that all those antivirus soft makers invent them to scare us, and ruin our devices so they could sell their stuff to us :twisted:
|
| |
|
|
|
04-09-2007, 01:46 PM
|
|
Neophyte
Join Date: Feb 2007
Posts: 4
|
|
Is this a problem ?
No, because it's not a pure software but a hardware attack.
The "attacker" has to steal my device, open it and connect a JTAG interface to this device.
There are several easier methods to debug or "attack" an application than using JTAG :roll:
|
| |
|
|
|
04-10-2007, 05:16 AM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Quote:
|
Originally Posted by PDATek
Is this a problem ?
No, because it's not a pure software but a hardware attack.
The "attacker" has to steal my device, open it and connect a JTAG interface to this device.
|
doesn't look like physical access is necessary.
|
| |
|
|
|
|
|
|
Linear Mode
