Tuesday, 24 March 2015

Many Computers Vulnerable to BIOS Flaws

It is estimated that millions of computers contain vulnerabilities in the BIOS (Basic Input/Output System) that allow attackers to permanently infect a system and then steal all kinds of data. Researchers from LegbaCore said so last week during the CanSecWest conference in Vancouver. The BIOS is a set of basic instructions for communication between the operating system and the hardware. It is essential for the operation of the computer and is also the first major piece of software to be loaded.

During their demonstration (pdf, pptx), the researchers showed several "incursion" vulnerabilities in System Management Mode (SMM). SMM is a mode of Intel processors in which firmware can perform certain functions. Using this mode, the contents of the BIOS chip can, for example, be modified or used to install an "implant". This makes it possible to install rootkits and to steal passwords and other data from the system.

SMM malware also makes it possible to read all the data in the machine's memory. The researchers therefore showed how they were able to gain access to a BIOS through the incursion vulnerabilities and then install the "LightEater SMM implant" there. Using this malware they could steal GPG keys, passwords and decrypted messages from the Tails privacy operating system on an MSI computer.

Tails is a privacy- and security-oriented operating system that can be loaded from a DVD or USB stick. On shutdown, Tails even removes all kinds of data from memory. With BIOS malware this no longer matters, because all data can be stolen from the computer's memory before the cleanup occurs.


To install the BIOS malware, an attacker has two options. The first is through malware on the computer, delivered for example via an infected email or a drive-by download. The second is to have physical access to the system. The researchers have reportedly already reported the problem to several manufacturers, who are now working on a solution.

Even if BIOS updates are released, they will probably have little effect, because most people do not install BIOS updates, the researchers said. According to the CERT/CC at Carnegie Mellon University, the vulnerabilities have been found at least in systems from Dell and HP. However, the status of many other suppliers is unknown.
