Such surreptitious code, known as a rootkit, could be hidden in the expansion read-only memory (ROM) frequently used by add-on Peripheral Component Interconnect (PCI) cards, said John Heasman, a security researcher with Next-Generation Security Software. The expansion ROM attack could update itself using a covert channel to the Internet, would run at boot time and would be fairly difficult to detect. It doesn't help that the developers creating device drivers don't normally consider security, he said.
The link for this article located at SecurityFocus is no longer available.