Jedi Packet Trick punches holes in firewalls

26.03.2010
Hackers have hit on a new way to break into computers: by attacking the firmware used in networking cards.

Independent security researcher Arrigo Triulzi is set to unveil one such attack on Friday at the CanSecWest security conference. He calls his technique the Jedi Packet Trick. It essentially installs a clandestine virtual private network inside a firewall by hacking the firmware of the victim's networking cards.

Using a little-known remote factory diagnostic mechanism present in certain Broadcom cards, Triulzi has developed a way of installing customized firmware that instructs the card to pass packets directly to another card, without the operating system ever seeing them. "You trick the operating system into believing that packets going between two different network cards don't exist," he said.

Triulzi wouldn't say what cards his attack works on, but he said that he has tried it on two similar cards, both of them about four years old.

He sends specially crafted packets to the network's firewall, which must be fitted with a vulnerable networking card. The card receives the packets and installs the malicious firmware. That firmware is then used to seek out and compromise a second vulnerable networking card, creating a tunnel through the firewall that bypasses its filtering entirely.
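Because the covert NIC-to-NIC path is handled entirely inside the cards' firmware, nothing the firewall host itself produces (its rule logs, its own packet captures) can show the tunnelled traffic. The only vantage point that can is an out-of-band tap on the wire: any packet from an outside address that shows up on the inside segment must have passed through the firewall, so every such packet that the host's own capture never saw is unexplained forwarding. The following is an added example, not code from the article or from Triulzi's work. It assumes an inside address range of 10.0.0.0/8, a simplified tcpdump-like line format, and constructed sample captures; none of these come from the article.

```python
# Added example: out-of-band consistency check between a tap on the inside
# segment and the firewall host's own capture. Assumptions (not from the
# article): inside range 10.0.0.0/8, a simplified capture line format, and
# constructed sample data.
import ipaddress
import re
from collections import Counter

# Assumed address range of the protected (inside) network.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample captures in an assumed tcpdump-like format:
# "<src_ip>.<sport> > <dst_ip>.<dport> <proto> <length>". Not real traffic.
# What the tap on the inside segment saw:
TAP_INSIDE_SEGMENT = """\
203.0.113.7.40123 > 10.0.0.5.443 tcp 60
203.0.113.7.40123 > 10.0.0.5.443 tcp 1500
203.0.113.7.40123 > 10.0.0.5.443 tcp 1500
10.0.0.5.443 > 203.0.113.7.40123 tcp 60
10.0.0.5.49152 > 10.0.0.20.445 tcp 120
198.51.100.9.5555 > 10.0.0.20.4444 tcp 60
198.51.100.9.5555 > 10.0.0.20.4444 tcp 1200
"""

# What the firewall host's operating system captured on the same segment:
HOST_CAPTURE = """\
203.0.113.7.40123 > 10.0.0.5.443 tcp 60
203.0.113.7.40123 > 10.0.0.5.443 tcp 1500
203.0.113.7.40123 > 10.0.0.5.443 tcp 1500
10.0.0.5.443 > 203.0.113.7.40123 tcp 60
"""

LINE_RE = re.compile(r"^(\S+)\.(\d+) > (\S+)\.(\d+) (\w+) (\d+)$")


def parse_flows(text):
    """Count packets per (src_ip, sport, dst_ip, dport, proto) 5-tuple."""
    counts = Counter()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable capture line: {line!r}")
        src, sport, dst, dport, proto, _length = m.groups()
        counts[(src, int(sport), dst, int(dport), proto.lower())] += 1
    return counts


def crossed_firewall(flow):
    """True if the flow's source is outside INSIDE_NET, so the packets on the
    inside segment must have traversed the firewall to get there."""
    return ipaddress.ip_address(flow[0]) not in INSIDE_NET


def flows_unseen_by_host(tap_text, host_text, tolerance=0):
    """Return {flow: (packets_on_wire, packets_seen_by_host)} for flows that
    crossed the firewall with more packets on the wire than the host ever saw.
    `tolerance` absorbs a few packets lost to capture drops on the host."""
    tap = parse_flows(tap_text)
    host = parse_flows(host_text)
    suspicious = {}
    for flow, on_wire in tap.items():
        if not crossed_firewall(flow):
            continue  # inside-to-inside traffic never went through the firewall
        seen = host.get(flow, 0)
        if on_wire - seen > tolerance:
            suspicious[flow] = (on_wire, seen)
    return suspicious


if __name__ == "__main__":
    found = flows_unseen_by_host(TAP_INSIDE_SEGMENT, HOST_CAPTURE)
    for (src, sport, dst, dport, proto), (wire, seen) in found.items():
        print(f"{proto} {src}:{sport} -> {dst}:{dport}: "
              f"{wire} packets on wire, {seen} seen by host")
```

On the constructed sample the legitimate HTTPS session matches on both sides, the inside-to-inside file-share traffic is skipped because it never crossed the firewall, and the 198.51.100.9 flow is reported: two packets on the wire, none ever delivered to the host's stack. The check only covers outside-originated traffic landing on the inside segment; the reply direction needs the same comparison against a tap on the outside segment. The essential design point is that every input comes from the tap except the host capture, which is treated as the untrusted side of the comparison.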

Because networking cards can write directly to the computer's memory (direct memory access), Triulzi is able to use his firmware to plant code on the computer's graphics card, which he then uses as a virtually undetectable back door into the victim's computer. The networking card itself lacks the memory to host a back door of this kind, but today's graphics cards are more than up to the job, he said.