New BIOS threat

VirtualLarry

No Lifer
Aug 25, 2001
56,571
10,206
126
Wow, that's pretty sinister. I knew it was possible, I suppose it was only a matter of time before it really happened.

If one were to get something like this on their system, what would be the procedure for disinfection?

DBAN, followed by booting off of a USB flash drive, and flashing the BIOS?

Of course, most USB flash drives don't have write-protect switches (which is FUNDAMENTALLY STUPID), so there is a chance that the corrupted BIOS would corrupt the MBR of the flash drive, before the flash program could run, to wipe the corrupted BIOS.
 

Modelworks

Lifer
Feb 22, 2007
16,240
7
76
The problem with a threat like this is that it is more likely to corrupt most BIOSes than it is to patch the BIOS and have the malware work. BIOSes are very specific to the board they are installed on, and you can't just patch in something like ISA support and expect it to always work. Some BIOSes have completely removed all support for ISA, and there is no way to just add it back without re-targeting some of the code.

The easy way to protect against this is to disable the write pin on BIOS chips. Most of the newer boards and some of the older ones have an EEPROM that has a WE pin; that pin is Write_Enable. Most boards ground that pin, meaning writing is always enabled. Remove that ground and use a jumper so the default is write disabled.
 
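The software counterpart of the WE-pin jumper described above is the chipset's own BIOS write-protect bits, which a defender can check without opening the case. The script below is an added example, not code from this thread; it assumes an Intel ICH/PCH platform where the BIOS_CNTL register sits at offset 0xDC of the LPC bridge's PCI config space (device 00:1f.0), with bit 0 = BIOSWE, bit 1 = BLE and bit 5 = SMM_BWP, and it assumes reading that offset through sysfs is done as root.

```python
"""Decode Intel's BIOS_CNTL register to see whether the firmware flash is
software write-protected. Assumptions (labelled, not from the thread):
the register is at offset 0xDC of the LPC bridge's PCI config space
(00:1f.0) on ICH/PCH chipsets; bit 0 = BIOSWE, bit 1 = BLE,
bit 5 = SMM_BWP. Reading offset 0xDC via sysfs requires root."""
from pathlib import Path

BIOS_CNTL_OFFSET = 0xDC
BIOSWE = 1 << 0    # BIOS Write Enable: writes to the BIOS region allowed when set
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI firmware can veto
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes allowed only from SMM

LPC_CONFIG = Path("/sys/bus/pci/devices/0000:00:1f.0/config")  # assumed path


def decode_bios_cntl(value: int) -> dict:
    """Return the protection state encoded in one BIOS_CNTL byte."""
    bioswe = bool(value & BIOSWE)
    ble = bool(value & BLE)
    smm_bwp = bool(value & SMM_BWP)
    # Strongest state: writes disabled, the lock enabled so BIOSWE cannot be
    # silently re-set, and SMM_BWP so only SMM code may write at all.
    if not bioswe and ble and smm_bwp:
        verdict = "protected"
    elif not bioswe and ble:
        verdict = "protected (BLE only; relies on the SMI handler)"
    elif not bioswe:
        verdict = "write-disabled but unlocked (root can set BIOSWE)"
    else:
        verdict = "WRITABLE from the OS"
    return {"BIOSWE": bioswe, "BLE": ble, "SMM_BWP": smm_bwp, "verdict": verdict}


def read_bios_cntl(config_path: Path = LPC_CONFIG) -> int:
    """Read the raw BIOS_CNTL byte from PCI config space (needs root)."""
    with config_path.open("rb") as f:
        f.seek(BIOS_CNTL_OFFSET)
        data = f.read(1)
    if not data:  # sysfs hands non-root readers nothing past the first 64 bytes
        raise PermissionError("run as root to read past offset 0x40")
    return data[0]


if __name__ == "__main__":
    try:
        raw = read_bios_cntl()
    except OSError as exc:
        raise SystemExit(f"cannot read BIOS_CNTL (Intel LPC, root needed): {exc}")
    print(f"BIOS_CNTL=0x{raw:02x} -> {decode_bios_cntl(raw)}")
```

A board whose register decodes as "WRITABLE from the OS" is the software equivalent of a grounded WE pin: any root-level process can reflash it.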

Modelworks

Lifer
Feb 22, 2007
16,240
7
76
If one were to get something like this on their system, what would be the procedure for disinfection?

Flash the BIOS from a new image, then replace the hard drive and format from a CD.

All of this is going to get worse because of the way that current OSes implement the kernel. Even Linux is vulnerable to this kind of attack. The problem is the mindset that some programs need to be admin or root to install. Once those programs have admin/root access, nothing watches over the program to see if what it is doing is secure. A program can claim to be installing itself but then also look around on the system and change other programs.

The fix is some of the newer approaches to OS design that make it so even with full admin rights one program cannot see anything outside of its own domain. So even when installing a program, that program can only see the folder it is installing to; it can't access Windows, Program Files, Documents, or anything else. It is essentially locked in its own virtual machine without the ability to change anything on the system except what is in its own root folder.

The current OS models are old, forged 20 years ago, and have been patched over and over to try to fix the problem. Sometimes you just need to start over.

A good read on one of the new OS frameworks.
http://genode.org/home-page/documentation/general-overview
 

Chiefcrowe

Diamond Member
Sep 15, 2008
5,055
198
116
Thanks for that link, new OS frameworks are pretty fascinating!

Flash the BIOS from a new image, then replace the hard drive and format from a CD.

All of this is going to get worse because of the way that current OSes implement the kernel. Even Linux is vulnerable to this kind of attack. The problem is the mindset that some programs need to be admin or root to install. Once those programs have admin/root access, nothing watches over the program to see if what it is doing is secure. A program can claim to be installing itself but then also look around on the system and change other programs.

The fix is some of the newer approaches to OS design that make it so even with full admin rights one program cannot see anything outside of its own domain. So even when installing a program, that program can only see the folder it is installing to; it can't access Windows, Program Files, Documents, or anything else. It is essentially locked in its own virtual machine without the ability to change anything on the system except what is in its own root folder.

The current OS models are old, forged 20 years ago, and have been patched over and over to try to fix the problem. Sometimes you just need to start over.

A good read on one of the new OS frameworks.
http://genode.org/home-page/documentation/general-overview
 

Red Squirrel

No Lifer
May 24, 2003
70,157
13,567
126
www.anyf.ca
Scary, did not realize this was possible.

The worst thing about viruses today is that it's no longer based on user stupidity of opening emails that are obviously infected. Browsers, because of Flash, PDF plugins, and all that crap, are all very insecure. Firefox, Chrome, IE, all of them. You just need to land on a malicious site and it can easily activate such a virus.

So just by surfing the internet, your BIOS could get corrupted. Quite scary when you think about that.