Computer maker Dell is warning, according to The Register, that some of its server motherboards have been delivered to customers carrying an unwanted extra: computer malware. It could be confirmation that the “hardware trojans” long posited by some security experts are indeed a real threat.
Unlike hard-drive-based computer viruses which can be disabled by antivirus software, a hardware trojan lives out of reach of such defences. It comprises some kind of alteration – by sabotage or accident – to the very heart of a computer: its microprocessors, memory chips or circuit boards.
News that Dell may have a hardware trojan problem emerged on a support forum after a user was warned by a Dell call centre that the firm’s PowerEdge R410 server motherboard contains spyware of unspecified function that a Dell engineer needed to come and remove.
Dell confirms on the same forum: “The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware.”
Firmware is the semi-permanent software that controls vital internal components. It will be fascinating to find out how the malware got into Dell’s firmware, not least because firmware should have been subject to high physical and computer security procedures.
But the threat of hardware Trojans has been recognised at the highest levels. The Pentagon is spending millions on research designed to ensure it can trust the microchips in critical systems, especially those made outside the US.
Elsewhere, researchers are also investigating the threat from would-be chip-plant saboteurs, who poison the chip-making processes to introduce a “kill switch” that makes the chip fail unexpectedly.