[Can Hardware Viruses Burn Hardware?]
So-called hardware viruses, the most typical example of which can write garbage data to the BIOS chip, causing the BIOS to fail and thus preventing the computer from starting. The solution is to flash the BIOS program back into the BIOS chip. A notorious trojan known as the BMW trojan once circulated in China, which would write a piece of code into the BIOS; every time the machine started, this code would execute. Therefore, once infected with this trojan, without special defensive measures, the system would forever remain infected by the virus. This type of BIOS infection is generally referred to as a BIOS Rootkit, which differs from CIH in that it does not destroy the BIOS to prevent the user from starting the computer, but rather aims for permanent control over the user’s computer. However, since each manufacturer produces BIOS in different ‘formats’, it can only infect a specific type of BIOS and cannot ‘eat’ all, thus its infection capability is not as strong as that of general system trojans.
In recent years, Intel has developed an Active Management Technology (AMT), which embeds an independent embedded system within the chipset to manage the computer. Security researchers abroad have developed a method to write code into the chipset to gain control over the computer.To make these hardware trojans work, the most important condition is that the chips of these hardware must be writable, and it is also necessary to discover the interface for writing to the chip and the organization format of the chip data. However, these technical documents may not necessarily be publicly available from manufacturers, and code debugging lacks professional equipment support. Therefore, doing this kind of thing is relatively difficult and certainly not as easy as implementing a common trojan.
Hardware viruses, such as those hidden in the BIOS, ultimately still represent an attack on software. Many chips that we see are actually run by some special embedded CPUs that operate embedded systems and software to form a System on Chip (SoC). Even now, the ubiquitous x86 compatible CPUs require a translation and control process from the x86 instructions received by the CPU to the actual machine instructions, using microprograms composed of microinstructions. Of course, because these embedded systems and software are often not open source or some interfaces are not fully disclosed, attacking them is relatively more difficult than for standard desktop OSs. However, from a principle perspective, it is not something entirely unbelievable.
Of course, for attacks on such chips, there is also a prerequisite that the embedded systems and software are stored in electrically erasable ROM. If it is read-only, then no matter how advanced the virus is, it would be of no use. However, with the decrease in unit prices, many chips seen today use flash memory, which has the advantage of being easy to update.Next, the claims about ‘burning hardware, burning chips’ are often exaggerated. For example, if the ROM of a SoC chip’s system part is cleared, it naturally cannot function normally, leading many people to believe that it has ‘burned out’. This actually accounts for the vast majority of cases.
Only a small portion actually involves burning out, mainly by using certain special instructions to make the chip operate continuously beyond its limits. When the heat exceeds the design range, it will burn out. However, in modern chip industrial design, this is becoming increasingly difficult, as even slightly higher-end chips come with temperature sensing and control features. If the temperature exceeds a certain threshold, they will automatically reduce the working frequency, and the peripheral system design has also taken sufficient consideration for heat dissipation, making it increasingly difficult to simply burn out a chip through overload.
The infection capability of hardware viruses is not as strong as that of general system trojans, and it is very difficult to actually burn hardware, as modern devices are designed with robust protection against hardware damage.
