Rootkits to infect the BIOS

Started by Rik, Mar 25, 2009, 10:59:23


Rik

El Reg reports that:

Quote:

Researchers have demonstrated how to create rootkits that survive hard-disk reformatting by injecting malware into the low-level system instructions of a target computer.

The researchers, from Core Security Technologies, used the techniques to inject rootkits into two computers, one running the OpenBSD operating system and the other Windows. Because the infection lives in the computer's BIOS, or basic input/output system, it persists even after the operating system is reinstalled or a computer's hard drive is replaced.

While researchers have focused on BIOS-based rootkits for at least three years, earlier techniques generally attacked specific types of BIOSes, such as those that used ACPI, or Advanced Configuration and Power Interface. The techniques demonstrated by the Core researchers work on virtually all types of systems, they said.

Of course, injecting code into the BIOS is no easy feat. It requires physical access to the machine or an exploit that hands an attacker unfettered root access. But the research, presented at last week's CanSecWest security conference by Anibal L. Sacco and Alfredo A. Ortega, does demonstrate that infections will only become harder to spot and remove over time. ®

Now that is worrying...  :shake:
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Odos

Worrying yes but it's nothing new.

Years ago when I was active in programming you could do this type of thing from Dos. I don't know, but I always assumed this was why they put password protection on bios modification. On my last few motherboards I've not seen the option to "lock" the bios, wonder if it will return now  :dunno:
Tony

Rik

It sounds like it might have to, Tony. :(
Rik

Simon

I sometimes wonder if all the scaremongering gives malware writers ideas that they wouldn't otherwise have had?
Simon.


gizmo71

Quote from: Odos on Mar 25, 2009, 11:13:42
Years ago when I was active in programming you could do this type of thing from Dos. I don't know, but I always assumed this was why they put password protection on bios modification. On my last few motherboards I've not seen the option to "lock" the bios, wonder if it will return now  :dunno:

I always assumed the password protection was just to stop casual tampering by people with physical access. It never occurred to me that it might prevent programmatic access. Perhaps in future it will if it didn't already.
SimRacing.org.uk Director General | Team Shark Online Racing - on the podium since 1993
Up the Mariners!

Odos

I learned a long time ago the only "secure" system was one that cannot be turned on  :hehe:

But on a more serious note, as far as I know the only secure bios is one that resides on a Rom and not an Eprom. The downside of course is the only way of upgrading means replacing the chip as in the old BBC micros, I personally prefer this method though  ;D
Tony
