Washington, May 1 : American technologists have warned that hackers may soon start using malicious hardware in place of computer viruses to steal important records like credit card details and passwords from their victim's PCs.
Samuel King, an expert from the University of Illinois at Urbana-Champaign, says that such malicious hardware will be much more difficult to detect as compared to computer worms.
He and his colleagues have shown that they could gain control of a computer by adding malicious circuits to its processor.
Since such circuits interfere with the computer at a deeper level than a virus, they effectively operate 'below the radar' of anti-virus software.
For determining the risk from malicious hardware, the researchers designed their own malicious circuits.
The research team used a processor called a field programmable gate array (FPGA), whose logic circuits can be rearranged, to create a replica of an existing open source processor called Leon3, which contains around 1.7 million circuits.
About 1000 malicious circuits, not present in Leon3, were then added.
The researchers observed that the circuits allowed them to bypass security controls on Leon3 in a similar way to how a virus hands control of a computer to a hacker, but without requiring a flaw in a software application.
Upon hooking the FPGA up to another computer, the researchers were able to steal passwords stored in its memory and install malicious software that would allow the operating system it was running to be remotely controlled.
"Once you have this mechanism in place, you can do whatever you want," said King, who presented the work at the Large-Scale Exploits and Emergent Threats conference in San Francisco last month.
The researcher, however, said that sneaking malicious hardware onto a chip would not be as easy as installing a virus.
He said that the attacker must either have access to a chip during its design or manufacture, or be capable of manufacturing their own chips, which they would then have to sell to computer makers, or slip into computers during assembly.
"It's not something someone would carry out on weekends," says King.
However, King also said that one might understand the risk looking at the fact that some Apple iPods and Seagate hard drives were recently found to have been sold with viruses pre-installed.