Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phoenix BIOS Phones Home?

Posted by michael on from the BIOS-flashing-suddenly-more-popular dept.

Myrv writes: "There is an interesting thread over at DSL Reports discussing Phoenix Technologies new BIOS. This BIOS contains the PhoenixNet Internet Launch System . ILS resides safely within ROM and is activated the first time a user launches a PhoenixNet-enabled PC with a Windows 98 Operating System. When the PhoenixNet ILS detects an Internet connection, it makes contact with the PhoenixNet server and delivers user-selectable services. These services are delivered to the user as hotlinks on the desktop and in the web browser or, as applications that PhoenixNet automatically packages, downloads and installs. It's 3 a.m., do you know who your motherboard's talking to????" We've gotten a couple of submissions about this - another submitter pointed out this thread and this description by Phoenix. Phoenix has apparently been kicking this idea around for a while - see this old Slashdot story. Does anyone have any more information?

5 of 149 comments (clear)

  1. The only safe computer is an unplugged computer. by Klaruz · · Score: 5

    According to the thread linked to in the story, if the computer boots up with a cool new screen, it's probobly this new BIOS.

    The following venders have signed up: AOpen, Chaintech, ECS, EpoX, Giga-Byte, Jetway, Legend-QDI, MSI, Soltek and Zida. Notice no ABit :)

    <possible troll> (but I don't think so...)
    It was interesting to read in that thread also, that this could bypass the OS level networking code, and use it's own stuff. I don't think I could imagine the destruction that would be cause by millions of PCs with a backdoor/hole/bug in their firmware, that could easily be remotely exploited. If you thought DDOS attacks were bad now, you ain't seen nothing yet.
    </possible troll>

    I didn't notice anything about being able to actually turn this off in the BIOS. There is allready talk of using a hex editor to disable it... Just what we need, buggy roms because the vendor does what people don't want.

  2. It is not automatic by dgb2n · · Score: 5

    This "feature" is built into the bios of my new AMD Thunderbird motherboard, the Iwill KK-266 (nice MB by the way). Its not quite as evil as this article suggests. It is an attempt to get you to sign up with their ISP.

    Unless you activate it within the bios "phoenixNet-enabled PC" and agree to their ISP partnery, you never hear a word from the program. It sits quitely on your bios and never contacts the mothership ;-)

    Also from my mother board manual:

    1. User reads system information from graphic launch screen

    2. User registers MS Windows and completes MS OOBE.

    3. User accepts/Rejects PhoenixNet service

    4. User accepts/Rejects PhoenixNet ISP Partnery

    5. PhoenixNet and ISP icon appear on desktop.

  3. Really very dangerous! by Dr_Cheeks · · Score: 5
    Hmm, it seems no-one at Phoenix is aware of those viruses that can flash a user's BIOS. Sure, mostly they just wipe it, but what if a virus is written to get the BIOS to do something more useful. Like, ooooh, say, connect to a cracker's server and download/install some sort of crack or backdoor (Back Orifice or similar).

    I doubt this is beyond the realms of possibility, and once some clever hack has figured out how to do it the skript kiddeez will soon get hold of it. Hell, maybe it could even be tagged onto a VB app and turned into an Outlook worm - cue millions of cracked boxen that can only be made safe by flashing the BIOS, and how many regular (i.e. non /. visiting) users have the first idea how to do that?

    Please someone tell me if I'm just scaremongering here (and give details), but I do genuinely believe this is a problem waiting to happen.

    --

  4. BIOS spying on you by revin · · Score: 5

    http://home.phoenixnet.com/privacy/pcusers.html
    This is bios level spying and advertising, even from Phoenix's partners. I think most users will not even know it is installed (by default). The only way to get rid of it is flashing your bios, which is quite a dangerous operation for the common user

  5. Another good (safe) summary of PhoenixNet by AFCArchvile · · Score: 5
    CounterExploitation's summary of PhoenixNet

    It sums up everything, and also contains key (annotated) paragraphs from the PhoenixNet site (so if you're too afraid of evil scripts to visit the PhoenixNet site, you can see it safely from this site). The main page of cexx.org (no relation to anything disgusting; it stands for Counterexploitation) has other helpful and interesting pages about spyware, foistware, backdoors, scams, and such. Most of it pertains to Windows, but there's some other cross-platform/no-platform topics there (including a way to make the CueCat output raw barcodes without requiring any software intervention.)

    --
    "Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer