Tuesday, 14 July 2015

Hacking Team Has BIOS Rootkit For Permanent Infection

The Italian company Hacking Team has a UEFI BIOS rootkit that permanently infects computers with the company's spyware. This is according to the Japanese anti-virus company Trend Micro, on the basis of the data that was recently captured from the Italian company.

Hacking Team offers government agencies a "Remote Control System" (RCS) that lets investigators gain remote access to the computers of, for example, suspects. To ensure that the software remains on a computer even if the hard drive is formatted or replaced by a new one, Hacking Team has developed a UEFI BIOS rootkit.

The BIOS (Basic Input/Output System), and its successor the Unified Extensible Firmware Interface (UEFI), is a set of basic instructions for communication between the operating system and the hardware. It is essential for the operation of the computer, and it is also the first major software that is loaded. In the case of Hacking Team, the rootkit targets the UEFI BIOS from Insyde Software. The company makes BIOS software for laptops.

Physical Access

To install the rootkit, physical access to the system has to be obtained. According to analyst Philippe Lin of Trend Micro, it cannot be ruled out that the rootkit can also be installed remotely. The Italian company also developed a tool to help users of the rootkit, and it provides support in the event the BIOS image is not compatible. According to Lin, the rootkit can be modified so that it also works with other BIOS software, such as that of the well-known vendor AMI.

To protect against these attacks, Lin advises users to enable UEFI Secure Flash, update the BIOS if updates are available, and set a password for access to the BIOS or UEFI. On many computers it is possible to reset that password, but in that case a user can see that something is wrong, because he no longer has to enter a password or his original password no longer works.
