Network Processing Units – The Next Big Botnet Housing Boom?
Network processing units (NPUs) are likely the next biggest thing in computer networking. NPUs are computer processors specifically designed to handle network-related functions. These little processors are typically found on embedded systems, but recently there have been moves to bring them into the realm of personal computers (PCs). One notable example is a network card (called KillerNIC) that's designed to make gaming over the Internet faster. It's specifically designed to handle user datagram protocol (UDP) communications that are most often deployed in highly interactive computer games. Given that computer games were a large driver in video card technology, it is reasonable to assume that NPU network cards will become common in the near future.
But what are the security implications of deploying NPUs on PCs? Each network card would need to have embedded software to run it; so basically, your network card becomes a computer within a computer that specializes in running network-related activities. Realizing this, the NPU network cards are likely to become a lucrative target for malicious activity.
Imagine a situation where NPU network cards are commonplace. Then, imagine a botnet that takes advantage of them. Malicious software could attack and potentially compromise an NPU network card without even bothering with the PC itself or the operating system running on it. If bot software controlled an NPU, it could eavesdrop on all network communications originating and terminating at the compromised computer, and it could carry out further attacks targeting other NPU network cards. And, it could do all of this without being detected by conventional antivirus methods. To malicious code writers, it could mean a fresh platform to perpetrate malicious activity. If such NPU cards could be manipulated, it is possible that software could be installed to generate any kind of network data, including spam, phishing Web sites, etc. The sky may be the limit.
Of course, there would be some natural caveats to this. It is likely that NPU network cards would be proprietary and closed systems that would make it difficult for attackers to reverse engineer. Also, there may be very little standardization between companies releasing NPU based cards, not to mention between different NPU card products released by the same company. In any case, to protect against something that didn’t interface with a PC operating system there would need to be strong network-based detection schemes that could identify, quarantine, and disinfect infected cards.