Posts with «trojan» label

Trojans Can Lurk Inside AVR Bootloaders

If there’s one thing we’ve learned over the years, it’s that if it’s got a silicon chip inside, it could be carrying a virus. Research by one group focused on hiding a trojan inside an AVR Arduino bootloader, proving even our little hobbyist microcontrollers aren’t safe.

The specific aim of the research was to hide a trojan inside the bootloader of an AVR chip itself. This would allow the trojan to remain present on something like a 3D printer even if the main firmware itself was reinstalled. The trojan would still be able to have an effect on the printer’s performance from its dastardly hiding place, but would be more difficult to notice and remove.

The target of the work was the ATmega328P, commonly used in 3D printers, in particular those using the Marlin firmware. For the full technical details, you can dive in and read the research paper for yourself. In basic terms, though, the modified bootloader was able to use the chip’s IVSEL register to allow bootloader execution after boot via interrupt. When an interrupt is called, execution passes to the trojan-infected bootloader’s special code, before then returning to the program’s own interrupt to avoid raising suspicion. The trojan can also execute after the program’s interrupt code, increasing the flexibility of the attack.

Simply reflashing a program to an affected chip won’t flush out the trojan. Instead, the chip must have its bootloader specifically rewritten with a clean version to remove the offending code.
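One way to check a flash read-back for this, as an added example (not code from the research paper or the article): it compares only the boot section of an Intel HEX dump against a trusted bootloader image, so a freshly reflashed application cannot mask a modified bootloader. The 0x7E00 boot-section start is an assumption (it depends on the chip's BOOTSZ fuse setting), and the sample records are constructed placeholder bytes.

```python
import hashlib

FLASH_SIZE = 0x8000   # ATmega328P: 32 KiB of flash
BOOT_START = 0x7E00   # assumption: 512-byte boot section; depends on BOOTSZ fuses

def ihex_record(addr, data, rtype=0):
    """Encode one Intel HEX record (used here only to build the sample dumps)."""
    body = bytes([len(data), addr >> 8, addr & 0xFF, rtype]) + bytes(data)
    return ":" + (body + bytes([-sum(body) & 0xFF])).hex().upper()

def parse_ihex(text, size=FLASH_SIZE):
    """Decode Intel HEX into a flat image; unprogrammed bytes read as 0xFF."""
    image = bytearray(b"\xff" * size)
    for n, line in enumerate(text.split(), 1):
        if not line.startswith(":"):
            raise ValueError(f"record {n}: missing start code")
        rec = bytes.fromhex(line[1:])
        if len(rec) < 5 or len(rec) != rec[0] + 5 or sum(rec) & 0xFF:
            raise ValueError(f"record {n}: bad length or checksum")
        addr, rtype, data = int.from_bytes(rec[1:3], "big"), rec[3], rec[4:-1]
        if rtype == 1:            # end-of-file record
            break
        if rtype != 0:            # a 32 KiB part needs no extended addressing
            raise ValueError(f"record {n}: unexpected type {rtype}")
        if addr + len(data) > size:
            raise ValueError(f"record {n}: data beyond end of flash")
        image[addr:addr + len(data)] = data
    return bytes(image)

def check_boot_section(dump_hex, reference_hex, boot_start=BOOT_START):
    """Compare only the boot section of a flash read-back with a trusted image."""
    dump, ref = parse_ihex(dump_hex), parse_ihex(reference_hex)
    changed = [a for a in range(boot_start, FLASH_SIZE) if dump[a] != ref[a]]
    return {"match": not changed, "changed": changed,
            "sha256": hashlib.sha256(dump[boot_start:]).hexdigest()}

# Constructed sample data: placeholder bytes, not a real bootloader or firmware.
APP_OLD = ihex_record(0x0000, [0x0C, 0x94, 0x34, 0x00])
APP_NEW = ihex_record(0x0000, [0x0C, 0x94, 0x5D, 0x00])   # application reflashed
BOOT_OK = ihex_record(0x7E00, [0x11, 0x24, 0x84, 0xB7])
BOOT_MOD = ihex_record(0x7E00, [0x11, 0x24, 0x99, 0xB7])  # one boot byte differs
EOF = ihex_record(0, [], rtype=1)
REFERENCE = "\n".join([APP_OLD, BOOT_OK, EOF])
REFLASHED_CLEAN = "\n".join([APP_NEW, BOOT_OK, EOF])
REFLASHED_MODIFIED = "\n".join([APP_NEW, BOOT_MOD, EOF])

if __name__ == "__main__":
    for name, dump in [("clean", REFLASHED_CLEAN), ("modified", REFLASHED_MODIFIED)]:
        print(name, check_boot_section(dump, REFERENCE)["changed"])
```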

It’s not a super dangerous hack, overall. Typically, flashing a malicious bootloader would require physical access to the chip. Furthermore, there’s not heaps to be gained by sneaking code onto the average 3D printer out there. However, it’s nonetheless a good example of what bootloaders can really do, and a reminder of what we should all be careful of when operating in security-conscious domains. Stay safe out there!

Hack a Day 22 Sep 03:00

Trojan 77: a gamified simulation of the Trojan virus

Trojan 77 is a gamified simulation of the Trojan virus running on Arduino Uno. A Trojan is malware designed to provide unauthorised remote access to a user’s computer, amongst other harmful possibilities, and this prototype was designed to be exhibited at a technology museum to show the most important effects of the virus. Inspired by the tilting labyrinth game, the prototype simulates a few key effects of the Trojan virus, like passwords leaking out and files being deleted, culminating in a system crash.

Trojan 77 was created by a team of Physical Computing students (Dhrux Saxena, Gunes Kantaroglu, Liliana Lambriev, Karan Chaitanya Mudgal) at CIID:

The idea of designing something analog to explain a digital construct was an exciting challenge to undertake. The way that computer viruses operate can be very complicated and hard to explain without overloading people with detailed information. Making this information visual via animated projections helped to communicate the effects in a fun and memorable way.

The Trojan moved through several prototyping stages. Initially, the wooden structure was built, followed by the maze. The structure as a whole became functional with the addition of Arduino and Processing. Two servo motors controlled by a joystick enabled the tilt while the movement of the ball triggered distinct light sensors which in turn triggered events in a Processing sketch mapped onto the maze.

The students also created a great video documentary to explain the project, with a style inspired by the work of Charles and Ray Eames.