Re: Modern hw-killing virus feasible

[Ian Kayne <Ian.Kayne () SOFTLAB CO UK>]

It is definately possible to overload a monitor by using the wrong scan
rates. I just had a word with one of our Linux guys, he told me that he
personally blew up an older monitor by doing this. It's pretty hard to do it
with modern monitors, as they are far more resilient. I'll try and find a
technical explanation of why this works...

But talking about hardware viruses, how about these:

1. The virus that (allegedly) stepped the heads & wrote to your harddrive
quickly & often, it would cause bad sectors, (this is real AFAIK)
2. The virus that did the same to floppy drives (also real, AFAIK)
3. The TiVO (or ReplayTV as I believe it's called in the US), which can be
reprogrammed via its phone connection. Problem with this would be
distribution. (not real yet)
4. The Nokia virus - it's possible to put phones like the 7110 into Engineer
mode, then  change/modify/lock another phone. This can be done solely with
the infra red. (not real yet, but potentially dangerous). Also, SMS messages
can be sent with control codes that directly change the eprom on the phone.
5. 99% of modern DVD/CD drives (especially laptops) are flash programmable.
I've seen load of people killing a CD drive by flashing it with an incorrect
rom image. ROM size is a problem (not real)
6. Not forgetting the satellite service provider who recently knocked out a
stack of hacked decoder cards with a virus payload slowly sent over a period
of months.

Just some thoughts.. Excuse me while I go and service pack my mp3 player and
back up my phone...

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company


> -----Original Message-----
> From: Ma Gores [mailto:gores () INAME COM]
> Sent: 07 March 2001 04:32
> To: VULN-DEV () SECURITYFOCUS COM
> Subject: Re: Modern hw-killing virus feasible
>
>
> I'd like to ask about the possibility of a virus damaging a
> monitor....
>
> Reading from page 228 of the SuSe book that came with retail 6.4 (US
> edition)...  "Unless you have in-depth knowledge... nothing should be
> changed in the modelines, since this could cause severe damage to your
> monitor."
>
> Isn't there a *possibility* that someone could change the
> modelines, via a
> Linux virus, that would "cause severe damage to your monitor".
>
> (Granted, currently Linux viruses are far less common than viruses for
> other platforms, but I expect we will see more as time goes
> on. <sigh>)
>
>
> Also... There has been a running thread in the
> alt.comp.virus.source.code
> newsgroup regarding the topic of "Can a Virus Damage Hardware".  The
> general consensus seems to be that it may be possible, but it
> hasn't been
> done yet.
>
> -------
> Magores
> "At the risk of being offensive, I think you need a little
> soap." -- David
> Gemmel
>
>
> At 11:34 PM 3/5/2001 +0100, you wrote:
> >  Hi!
> >
> >  Current DVD-regioning system provides *very* easy possibility for
> >  virus to render hardware unusable. Current DVD-roms allow setting
> >  DVD region for limited number of times.
> >
> >  Imagine virus, that switches DVD between japan-region and
> asia-region
> >  as many times as it can. It would leave DVD locked either
> to japan or
> >  asia, effectively making it unusable for european/us citizen.
> >
> >  Long time ago, rumors went that it is possible to kill harddrive by
> >  software. Then, old monitors could be damaged by software by
> >  missprograming them (but damage would take lot of time). Now DVDs
> >  provide effective way for software making them unusable.
> Pretty sad.
> >                                                                Pavel
> >
> > --
> > I'm pavel () ucw cz. "In my country we have almost anarchy and
> I don't care."
> > Panos Katsaloulis describing me w.r.t. patents at
> discuss () linmodems org


********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.

If you are not the intended recipient or the person responsible for
delivering to the intended recipient, be advised that you have received
this email in error and that any use of the information contained within
this email or attachments is strictly prohibited.

Internet communications are not secure and Softlab does not accept
any legal responsibility for the content of this message. Any opinions
expressed in the email are those of the individual and not necessarily
those of the Company.

If you have received this email in error, or if you are concerned with
the content of this email please notify the IT helpdesk by telephone
on +44 (0)121 788 5480.

********************************************************************