CybersecurityDell warns of hardware trojan

Computer maker Dell is warning that some of its server motherboards have been delivered to customers carrying an unwanted extra: computer malware. It could be confirmation that the “hardware trojans” long posited by some security experts are indeed a real threat (see “Malicious hardware may be next hacker tool,” 2 May 2008 HSNW).

Paul Marks writes that unlike hard-drive-based computer viruses which can be disabled by antivirus software, a hardware trojan lives out of reach of such defenses. It comprises some kind of alteration — by sabotage or accident — to the very heart of a computer: its microprocessors, memory chips, or circuit boards.

News that Dell may have a hardware trojan problem emerged on a support forum after a user was warned by a Dell call centre that the firm’s PowerEdge R410 server motherboard contains spyware of unspecified function that a Dell engineer needed to come and remove.

Dell confirms on the same forum: “The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware.”

Firmware is the semi-permanent software that controls vital internal components. Marks writes that it will be fascinating to find out how the malware got into Dell’s firmware, not least because firmware should have been subject to high physical and computer security procedures.

The threat of hardware Trojans has been recognized at the highest levels. The Pentagon is spending millions on research designed to ensure it can trust the microchips in critical systems, especially those made outside the United States.

Elsewhere, researchers are also investigating the threat from would-be chip-plant saboteurs, who poison the chip-making processes to introduce a “kill switch” that makes the chip fail unexpectedly.