Saturday, 1 August 2015

BIOS of Dell Computers Vulnerable to Attackers

Researchers have discovered a vulnerability in the Dell BIOS implementation that allows an attacker to overwrite the contents of the BIOS. Implementations from other manufacturers may also be vulnerable. The problem occurs when a system wakes from hibernation.

The BIOS (Basic Input/Output System) and its successor, the Unified Extensible Firmware Interface (UEFI), are a set of basic instructions for communication between the operating system and the hardware. This firmware is essential for the operation of the computer, and it is also the first major software that is loaded.

Normally, the computer has a protection that prevents the BIOS from being overwritten by an attacker. On Dell computers, the BIOS implementation does not enable write protection, so the BIOS can be overwritten. An attacker who wants to overwrite the BIOS of a Dell computer must therefore first put the system into sleep mode and then wake it again.

This also circumvents the requirement that a BIOS update be digitally signed, as well as other security measures meant to prevent arbitrary BIOS updates. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns of this. The CERT/CC points to the Dell website for updates, but it is unclear which models are affected. A similar problem was previously encountered at Apple, which has since rectified the issue.

