Related papers by Arrigo Triulzi @cynicalsecurity posted to Twitter today in response to this thread: Project Maux Mk.II (2008) http://t.co/h1gDtV4Vlr The Jedi Packet Trick takes over the Deathstar (2010) http://t.co/ENlITkJEoX Project Booshoo or the Emporer's Modified Mind (2011) https://t.co/33trlpJkFG ----- At 03:36 AM 2/13/2014, Bill Stewart wrote:
At 06:42 PM 2/12/2014, Peter Gutmann wrote:
http://www.livehacking.com/tag/network-card-backdoor/
Proof of concept was been proven in 2010. Practical application is probably being done by now. Somebody is asleep behind the wheel if it is not.
It was demonstrated well before then, Arrigo Triulzi had demonstrated running an SSH server inside a NIC several years earlier.
Back in the mid-80s I ran a secure computer center (with a huge VAX 11/780 :-) and the Army/DoD/NIST rules for secure computers needed to know who wrote the channel programs that the computer was using. Channels were a mainframe thing, which predated the VAX; the closest equivalent we had was a KMC11 processor that sat in the Unibus and handled interrupts and cooked-mode input for the serial cards.
So yes, proofs of concept have been around for a while :-)