Rootkits to infect the BIOS

Started by Rik, Mar 25, 2009, 10:59:23

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Rik

El Reg reports that:

QuoteResearchers have demonstrated how to create rootkits that survive hard-disk reformatting by injecting malware into the low-level system instructions of a target computer.

The researchers, from Core Security Technologies, used the techniques to inject rootkits into two computers, one running the OpenBSD operating system and the other Windows. Because the infection lives in the computer's BIOS, or basic input/output system, it persists even after the operating system is reinstalled or a computer's hard drive is replaced.

While researchers have focused on BIOS-based rootkits for at least three years, earlier techniques generally attacked specific types of BIOSes, such as those that used ACPI, or Advanced Configuration and Power Interface. The techniques demonstrated by the Core researchers work on virtually all types of systems, they said.

Of course, injecting code into the BIOS is no easy feat. It requires physical access to the machine or an exploit that hands an attacker unfettered root access. But the research, presented at last week's CanSecWest security conference by Anibal L. Sacco and Alfredo A. Ortega, does demonstrate that infections will only become harder to spot and remove over time. ®

Now that is worrying...  :shake:
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Odos

Worrying yes but it's nothing new.

Years ago when I was active in programming you could do this type of thing from Dos. I don't know, but I always assumed this was why they put password protection on bios modification. On my last few motherboards I've not seen the option to "lock" the bios, wonder if it will return now  :dunno:
Tony

Rik

It sounds like it might have to, Tony. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

I sometimes wonder if all the scaremongering gives majware writers ideas that they wouldn't otherwise have had?
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

gizmo71

Quote from: Odos on Mar 25, 2009, 11:13:42
Years ago when I was active in programming you could do this type of thing from Dos. I don't know, but I always assumed this was why they put password protection on bios modification. On my last few motherboards I've not seen the option to "lock" the bios, wonder if it will return now  :dunno:

I always assumed the password protection was just to stop casual tampering by people with physical access. It never occurred to me that it might prevent programmatic access. Perhaps in future it will if it didn't already.
SimRacing.org.uk Director General | Team Shark Online Racing - on the podium since 1993
Up the Mariners!

Odos

I learned a long time ago the only "secure" system was one that cannot be turned on  :hehe:

But on a more serious note, as far as I know the only secure bios is one that resides on a Rom and not an Eprom. The downside of course is the only way of upgrading means replacing the chip as in the old BBC micros, I personally I prefer this method though  ;D
Tony

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.