Malware can actually damage PC hardware

Can software physically damage hardware?


I know a similar question was asked, but it was about installing a 32-bit operating system on a 64-bit laptop. My question is more about the hardware damage.

I was wondering if there was a way to communicate with hardware from the operating system or terminal level in order to cause irreparable damage to it (actual physical damage, not just faulty hardware).

  • Could you bypass security measures and run a CPU so hard that the ceramic actually breaks?
  • Can you write to or connect a hard drive in such a way that the platters are damaged?
  • Could you mess around with memory and fry RAM?
  • Can you blow up a network card?

It is interesting to know what limits the software reaches when you look at a system as a whole.






Reply:


When programs actually run, the CPU load can cause the core temperature to rise. While newer technologies have some impact (dynamic frequency and voltage scaling), this is mainly because certain instructions in the microprocessor use different electrical paths (as opposed to when the processor is simply in idle or low power mode). Various power viruses have been written in the past that exploit this fact to repeatedly execute certain machine code that consumes the most energy and thus generates the most heat (see the question Can a virus melt the CPU?).


You could apply this idea to other hardware in the system as well (which I'll discuss below). Another interesting example is storage devices. You can also write a virus to constantly read and write files to a drive. This is how it becomes much wears out faster (both mechanical hard drives and solid-state drives). They increase the likelihood of mechanical failure in a hard drive and reduce the lifespan of an SSD. If the user is unaware of these constant read / write cycles, you can most likely damage the hard drives within a week if you have implemented this properly.

Some Apple laptops also have a microcontroller built into the battery. Nothing special, but in the past they released a patch that updates the firmware - and now the batteries themselves are prone to firmware hacks.


Now back to heat damage. Some new motherboards offer the ability to change BIOS settings under Windows. In theory, you could write a virus that would increase the tensions in the system to artificially high limits and possibly damage the components (RAM, CPU, north / south bridges). Increasing the voltage and / or overclocking the PCIe bus can also damage some of these components.

One component that I would particularly like to address on a PCIe / AGP bus is the graphics card. This is because most manufacturers provide overclocking tools to increase core speed and voltage. If you take this step a step further, you can also write a virus to use these tools to take both things to dangerous levels. You can either burn it, cross it until it deteriorates, or both!

Note that most computer hardware is protected against overheating and achieves a "thermal shutdown" before damage occurs. Surge protection is possible, but much less common.


The point : It is possible to write viruses that exploit all computer systems. If the target system does not have access to external (or even its own) hardware, you cannot cause too much damage. The best analogy would be trying to hack someone who pulled their ethernet cable out of the wall - you literally have no access to this system.

But says most of the devices in modern computer systems you have access to change physical hardware parameters - namely voltage and core speed. Because these things can be changed it is possible to use viruses and possibly disrupt or completely destroy its operation.







There was always a warning that some older CRT monitors could be damaged if they received a video signal that exceeded the permitted frequencies. I don't know which, but it was a general disclaimer given when adjusting frame rates or manual resolution settings.

Basically, you can only break a CPU if a system does not have proper cooling or a proper power supply installed. It should utilize 100% of the cooling and power with which it is installed.

However all modern CPUs all microcode updates. Intel has always requested that the microcode be encrypted, but AMD has not (doesn't know if this has changed). Might be possible to upload some microcode to a CPU that is doing something nasty.

Repeated writing may wear out the flash memory. This method is likely to "burn out" a BIOS flash chip.

I am sure that hard drive manufacturers equip their devices with hardware interlocks and without the ability to adjust the motor speed, since the hard drive motor is actually only rotating at a constant speed. However, spinning up and shutting down a hard drive introduces stress and premature wear and tear, which can be done in software. Also, it is likely possible to "burn out" a hard drive's firmware flash / EEPROM from repeated bogus updates or hacked firmware that repeatedly writes to internally accessible flash or EEPROM. The same applies to CD-ROM drives.

It is possible to disable fans via software, but many modern CPUs switch off automatically when the temperature is too high. Older CPUs didn't have this protection, but such motherboards didn't have fan controls either.






If your PSU explodes, it won't do the same damage as the one in Die Hard. Sorry for disappointing you.

An engaging article highlighting a software variant recently caused hardware damage in Wired related to the Stuxnet virus. Software that causes command and control software to physically damage core centrifuges. It's just amazing.




In the past there have been a few instances where hardware design flaws have made it possible to damage a machine directly and instantly. In one instance, a single line statement could cause a computer IIRC to short out and catch fire. But the cases I've heard of were on old 8-bit mics.

Apparently the term is called "Killer Poke" but I just uncovered that on a quick google.

I wouldn't be surprised if these things can happen in embedded systems with faulty hardware drivers, but it should be difficult to get to on the most popular hardware platforms - partly because direct access to hardware is controlled, and partly because because these problems should occur. Definitely unusual and very specific to exact hardware platforms. For example, a Blow-Up-Your-Graphics-Card-Poke will likely only work for a specific graphics card.

See - http://en.wikipedia.org/wiki/Killer_poke

TO EDIT - I couldn't find any evidence of 8-bit mics shorting out a killer sack and catching fire. Maybe this was just an urban myth that I picked up on somewhere. But the notes on the HCG CPU instructions (http://en.wikipedia.org/wiki/Halt_and_Catch_Fire) are fun ... the Motorola 6809 processor was used in the Dragon 32, IIRC, I faintly remember.





I once damaged a floppy disk drive and programmed assembly language code to move my head out of bounds. The drive stopped working and I was able to do that with 2 other drives.

But at the time a lot of people doubted it and I never looked at the subject again.

There is some debate about whether rewriting a BIOS (as it did with old viruses) causes physical harm, but a lot of people (including myself) take this out of the problems you mentioned.


Run a CPU so hard that the ceramic actually breaks

No, it is impossible to do anything in software to a CPU to cause a "ceramic break". Although with some CPUs it is possible to change the frequency or power control modes so that the chip is overheating , or to change the outputs so that the transistors Discharge or discharge of too much power (depending on how external components are connected to each other); Both damage the silicone or the pads. The ceramic remains untouched.

It is also possible to block the CPU on a CPU with EEPROM configuration registers (sometimes called "fuses"). For example, embedded processors ( not x86 class as in the original question ) with internal flash that provide code protection options or other options (for example Microchip PIC) which, if incorrectly set, can lead to the code being corrupted (if code protection is activated) When the software tries to read the program memory, instead of of the actual values ​​returned all zeros. This would lock up the system and require reprogramming using an external chip programmer (possibly even removing it from the circuit board to accomplish this).


Most of us only write code for simple small computers and this is unlikely to happen. When you connect to mechanical machines, it becomes more likely.

Recently, the Stuxnet worm was developed to attack Siemens gas centrifuge control software used in uranium enrichment. The centrifuges would spin at a speed that is supposed to damage them.


Many years ago I set up a digital audio tape (DAT) drive as a computer backup drive. They could only write to it indirectly through Retrospect (backup software). Then I found software that allows you to actually mount the drive - use it like a hard drive. It worked ... for a couple of weeks ... and then the tape drive burned out. The tape heads were just not designed to be randomly accessed like a hard drive, and all the beating around destroyed them.

So yes, software can damage (or even destroy) hardware.


Once you've said goodbye to regular desktop computers, even non-malicious software bugs can lead to spectacular hardware failures:

  • The Mars Climate Orbiter - more than $ 500 million spent on mission, destroyed by a metric-to-imperial conversion error.

  • Ariane 5 Flight 501 - destroyed by an integer overflow bug resulting in missile and spacecraft loss and costing more than $ 370 million.

  • Two F-22 Raptor aircraft worth $ 150 million crash due to various bugs.

  • Faults in the Chinook helicopter's FADEC software were at least partially responsible for the ZD576's crash and the deaths of 29 people.





This depends in part on the limitations imposed on the hardware during development. If there is a bomb attached to the computer that is about to be triggered, then the software is likely to be pretty effective at destroying the hardware. However, prevent direct access to the detonator and the hardware will be secure.

To damage hardware with software, you need:

  • Hardware that can damage itself
  • a way for the software to control this ability (e.g., a user interface, API, low-level access, or errors in access restrictions)
  • a way to change / manipulate / install / run software

Yes, at least for poorly designed hardware. However, modern hardware must meet various security regulations that limit its ability to damage itself. Modern CPUs switch off when they overheat, modern hard drives / CDs / DVDs / Blu-ray drives have a predefined speed, etc.; There are all kinds of security mechanisms that hardware manufacturers put in place to prevent faulty software (including faulty drivers and firmware) from damaging the hardware.

While these security mechanisms are by no means foolproof, it is very difficult to damage well-designed hardware with software alone. The best that software can do is to use the hardware in a way that maximizes its wear and tear.


The easiest way to damage hardware is with embedded systems, where you can access the individual pins of a microcontroller. You can simply set an input as an output or vice versa and cause a short circuit. I can only imagine this being useful for damaging the PC if you have access and are able to change the firmware of some hardware components.


Sure, it is possible to cause harm on many systems by getting into the BIOS level controls. Simply turning off the fan and then running a computationally intensive program will damage many systems (although some contain hardwired thermal limiters). In some systems, you can set the voltages through a program, etc., and in some, you can set the processor duty cycles and the like. (This is especially true for laptops, which often have extensive power control logic.)

And of course with older monitors there were ways to damage them with the wrong refresh rate or even to switch off the video completely. (Most modern monitors contain self-protection logic.) And, as mentioned earlier, some floppy drives can cause damage by driving your head over its limits. (I ran into this problem.)

I had a Nokia n97mini phone whose display was damaged from overheating when the CPU got into a tight loop and overheated. The layers of the display separated from the heat. I would guess other cell phones have similar dangers.


Only if the hardware is badly designed. For example, the software controls the speed of the electric motor by changing the voltage. However, the motor is designed to burn out if the highest voltage is used for more than 1 minute. As you can imagine, software can easily cross that limit. However, if the motor has a specific shutdown current when its temperature reaches a certain limit, the motor will survive whatever the software tries.

Back to my other post where I accused Windows 7 + Dell BIOS of being able to kick a hard drive.


Years ago I read a book about computer viruses and the one that caught my attention the most was that Turkey virus, that could actually kill hardware.

A variant of the virus would focus the beam in a CRT monitor so that it burns out. By burn, I don't just mean burning in phosphorus, although that was a side effect, but the electron gun would fail and the monitor would fail completely leave dead.

Another variant of the virus would perform mathematical calculations in such a way that the co-processor overloads and burns out.

Of course, this was some time ago in the days of older hardware that was prone to this type of attack. Fortunately, modern hardware is generally designed to prevent this from happening, but that probably won't stop anyone determined enough.


Also, it would be relatively easy for a virus to kill the BIOS. There's a reason BIOS flashers always warn you not to turn off or reset the system while flashing. This is because an incomplete write corrupts the BIOS and the BIOS corrupts the basic Input output system of the computer is. If you damage it, that will system inoperable. Once upon a time the BIOS could only be flashed from pure DOS mode, but Windows flashers have been around for some time. There is nothing that can stop a virus from writing nasty things to the BIOS and killing the system. That is exactly what CIH / Chernobyl did in 1999.

Fortunately, some motherboards come with two versions of BIOS so that the backup can be used in the event that the primary BIOS is corrupted, and others allow resetting or reflashing a corrupted BIOS, but not all can or can.


In general, the answer is: software cannot damage hardware. There are exceptions, however. Does anyone remember that software on the original IBM PC could damage either the monochrome adapter board or the monitor? That was definitely an eye opener.

In many cases, hardware control of devices is tied to software so that defective software can damage the physical hardware.


A relevant term for this is the "killer poke", which describes the insertion of a value into a register (the "poke" command) that the hardware could not tolerate. The Wikipedia page for "Killer Poke" has several examples.

Early hard drives can suffer all kinds of damage. The read / write heads can sometimes be moved so far beyond the turntable that they hit the spindle axis or the housing. Doing so could either damage the read / write heads or cause misalignment.

Modern ink printers and scanners often only have a limit switch on one side of the track of their print head or the CCD bar. Only the firmware protects them from moving out of range (and crashing into things). In theory, a firmware update could be developed that not only blocks such a device but also causes physical damage.

There are also soft "killer sticks". The life of a hard drive can be shortened significantly by maximizing stress and heat. Incidentally, Windows is delivered with such a "function". If you create more than one software RAID partition on a hard drive and the RAID needs to be synchronized (e.g. after an unexpected restart), all partitions will be synchronized at the same time. Moving the drive heads back and forth between extreme positions at maximum speed, probably for several days, as throughput is minimal in this condition. For SSDs, on the other hand, a permanent maximum of write operations is required in order to be able to fail at an early stage.


The older BBC microcomputer had a relay that started and stopped a tape drive. In general, you would activate the relay via a command before loading a program and then deactivate the relay.

When activating or deactivating the relay, there will be a loud click from inside the housing and a quick toggle of the relay state will generate a buzz. A different frequency of activation and deactivation would produce different buzzing tones. You can then use this to play a melody.

However, the relay wasn't rated for as many power-on cycles, and this could and eventually would irreparably damage the relay, which would prompt the owner of the computer to purchase a new one that would have to be physically soldered on to replace the motherboard with the old one.

I learned this from my own experience but never replaced the broken relay as I had a hard drive based system and switching the relay was just for fun.

If I remember correctly, there were even warnings about this in the programmer's reference manual that came with the BBC Micro.

We use cookies and other tracking technologies to improve your browsing experience on our website, to show you personalized content and targeted ads, to analyze our website traffic, and to understand where our visitors are coming from.

By continuing, you consent to our use of cookies and other tracking technologies and affirm you're at least 16 years old or have consent from a parent or guardian.

You can read details in our Cookie policy and Privacy policy.