Slashdot Mirror


Rootkits Head for Your BIOS

Artem Tashkinov wrote to mention a SecurityFocus article which discusses a disturbing new threat to computer security: Rootkits that target a computer's BIOS. From the article: "One rootkit expert at the conference predicted that the technology will become a fundamental part of rootkits in the near future. 'It is going to be about one month before malware comes out to take advantage of this,' said Greg Hoglund, a rootkit expert and CEO of reverse engineering firm HBGary. 'This is so easy to do. You have widely available tools, free compilers for the ACPI language, and high-level languages to write the code in.'" Update: 01/27 14:28 GMT by Z : John Heasman wrote with a link to the slide presentation on this topic given at the Black Hat Conference (pdf).

10 of 287 comments

  1. Solution by CastrTroy · · Score: 5, Interesting

    They should just make the motherboard have a physical switch on it that stops your bios from getting written to. For the number of times I've had to flash my bios, it'd be a small price to pay to have to open my computer, just to have the peace of mind that some virus wasn't overwriting my bios. If it was a software setting, then there would be a way around it, but if there was a physical switch that disconnected the write lines, then it would probably be pretty hard for a hacker to get around that.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    1. Re:Solution by CastrTroy · · Score: 5, Insightful

      No, on the inside would stop it from being tripped by accident, or by users who have no idea what it does and decide to start playing with it. Also, all updates to the BIOS should just be stored on a secondary chip, and have to be confirmed when the user boots up the next time before it is copied to the actual BIOS. And there should be a third read-only chip containing the original BIOS, which could somehow be loaded in the case of an emergency/mistake. BIOS chips can't really be that expensive, so putting extra security measures in place to not get your system hosed is important.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
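The scheme sketched in the two comments above (a physical write-enable switch, updates landing on a secondary chip first, confirmation at the next boot before the copy to the real BIOS, and a read-only copy of the original for recovery) is easy to model. The following Python simulation is an added example written for this page, not code from the thread or from any board vendor. The image layout (body followed by its SHA-256, so the boot logic can recognise a torn or garbled copy) and all names are my own assumptions; the comment describes only the confirmation step, not how a bad image is detected.

```python
import hashlib


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_image(body: bytes) -> bytes:
    """Assumed image format: body || sha256(body). The trailer lets the boot ROM
    notice a torn write; it is an integrity check, not a signature."""
    return body + digest(body)


def image_valid(image: bytes) -> bool:
    return len(image) > 32 and digest(image[:-32]) == image[-32:]


class WriteProtected(Exception):
    pass


class FirmwareStore:
    """Three regions, as in the comment: ACTIVE boots the machine, STAGED is where
    a flash lands, GOLDEN is the factory image and is never written."""

    def __init__(self, original: bytes):
        self.golden = original
        self.active = original
        self.staged = None
        self.write_enable = False   # the physical switch/jumper
        self.log = []

    def flash(self, image: bytes) -> None:
        """The only path software has: it reaches STAGED, and only if the switch is set."""
        if not self.write_enable:
            raise WriteProtected("write-protect switch engaged; flash rejected")
        self.staged = image
        self.log.append("staged update")

    def boot(self, confirm) -> str:
        """Power-on logic. `confirm` stands in for the prompt shown to the user."""
        # 1. a staged image is promoted only if it is intact and the user says yes
        if self.staged is not None:
            if image_valid(self.staged) and confirm(digest(self.staged).hex()):
                self.active = self.staged
                self.log.append("update confirmed and promoted")
            else:
                self.log.append("staged update discarded")
            self.staged = None
        # 2. a corrupt active image falls back to the read-only golden copy
        if not image_valid(self.active):
            self.active = self.golden
            self.log.append("active image corrupt; restored from golden")
            return "golden"
        return "active"


def scenario() -> dict:
    """Walk the store through the cases the comment cares about (constructed data)."""
    factory = make_image(b"factory bios v1.00 (constructed sample)")
    update = make_image(b"vendor bios v1.01 (constructed sample)")
    store = FirmwareStore(factory)
    out = {}
    try:                                          # malware flashing with the switch off
        store.flash(update)
        out["unprotected_flash"] = "accepted"
    except WriteProtected:
        out["unprotected_flash"] = "rejected"
    store.write_enable = True                     # owner opens the case, sets the switch
    store.flash(update)
    store.boot(confirm=lambda h: False)           # user declines at the prompt
    out["after_decline"] = store.active == factory
    store.flash(update)
    store.boot(confirm=lambda h: True)            # user confirms
    out["after_confirm"] = store.active == update
    store.active = store.active[:20]              # simulated torn write / power loss
    out["recovery"] = store.boot(confirm=lambda h: True)
    out["restored"] = store.active == factory
    out["log"] = list(store.log)
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The property worth noticing is that nothing software can do reaches ACTIVE directly: the copy happens inside boot() and only behind a prompt, so a rootkit that gets past the switch still has to get past the person at the keyboard. Recovery from GOLDEN covers the accident case the second comment raises, not an attacker who can forge the trailer.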
    2. Re:Solution by cogg · · Score: 5, Funny
      I still have to explain to my parents that the box beside the monitor is actually the computer. They think it's built into the monitor.
      You can blame Apple for that.
      *ducks*
      --
      "Never 'clear the air'. Instead, investigate all the subtle nuances of the word 'fester'." - R. Candappa
  2. Hoglund? by IamTheRealMike · · Score: 5, Interesting
    Though this does not and should not reflect upon his findings or the articles, it should be noted that Hoglund is not only a rootkit "expert" but also a blackhat who enjoys developing cheats for World of Warcraft. When the Warden came out and put a stop to this little business his Wow!Sharp software got nailed and (presumably) he began losing money.

    In other words, anything this guy says or does is in my mind suspect .... he writes rootkits and other forms of "attacking software", so for all we know this asshole is getting ready to post example code to the net. It wouldn't be the first time.

    1. Re:Hoglund? by SilverspurG · · Score: 5, Informative

      He's also the author of a well-known book on rootkits. It's a pretty good read. Maybe you should revise your ill-informed personal opinion.

      He doesn't just write rootkits. He teaches seminars on how to write them. He's not a blackhat any more than this guy. I guess that puts you on par with Oracle.

      --
      fast as fast can be. you'll never catch me.
  3. What will be interesting by HangingChad · · Score: 5, Interesting
    Is whether, when security companies start checking for BIOS rootkits, they find something there already staring back at them.

    I'm wondering at the possibility this has been done before and not detected because no one looks there?

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
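The story summary says the Black Hat technique rides on ACPI tables built with freely available compilers, and the comment above asks whether anyone actually looks there. As an added example (not code from the thread, the SecurityFocus article or the slides), the following Python script parses the standard 36-byte ACPI table header, verifies the spec checksum, and compares each table's SHA-256 against a baseline captured from a known-good machine. The sample tables are constructed inside the script; their payload bytes merely stand in for AML and are not real bytecode. The point it makes: a modified table whose checksum has been recomputed passes the checksum test, so only a baseline comparison catches it.

```python
import hashlib
import os
import struct

# ACPI system description table header (36 bytes, little-endian):
# Signature(4) Length(4) Revision(1) Checksum(1) OEMID(6) OEMTableID(8)
# OEMRevision(4) CreatorID(4) CreatorRevision(4)
HEADER = struct.Struct("<4sIBB6s8sI4sI")
HEADER_LEN = HEADER.size  # 36


def parse_header(table: bytes) -> dict:
    """Unpack the common header; raises on truncated input."""
    if len(table) < HEADER_LEN:
        raise ValueError("table shorter than ACPI header")
    sig, length, rev, csum, oemid, oemtab, _oemrev, creator, _crev = HEADER.unpack_from(table)
    return {
        "signature": sig.decode("ascii", "replace"),
        "length": length,
        "revision": rev,
        "checksum": csum,
        "oem_id": oemid.decode("ascii", "replace").strip(),
        "oem_table_id": oemtab.decode("ascii", "replace").strip(),
        "creator_id": creator.decode("ascii", "replace"),
    }


def checksum_ok(table: bytes) -> bool:
    """ACPI rule: every byte of the table, checksum field included, sums to 0 mod 256."""
    length = parse_header(table)["length"]
    if length > len(table) or length < HEADER_LEN:
        return False
    return sum(table[:length]) % 256 == 0


def fix_checksum(table: bytearray) -> bytearray:
    """Recompute the checksum byte (offset 9). Every BIOS editing tool does this
    after changing a table, and so does an attacker: a checksum is not integrity."""
    table[9] = 0
    table[9] = (-sum(table)) % 256
    return table


def build_table(signature: bytes, oem_id: bytes, oem_table_id: bytes, payload: bytes) -> bytes:
    """Assemble a table from a header and a payload (used for the constructed samples)."""
    hdr = HEADER.pack(signature, HEADER_LEN + len(payload), 2, 0,
                      oem_id.ljust(6), oem_table_id.ljust(8), 1, b"DEMO", 1)
    return bytes(fix_checksum(bytearray(hdr + payload)))


def table_digest(table: bytes) -> str:
    length = parse_header(table)["length"]
    return hashlib.sha256(table[:length]).hexdigest()


def audit(tables: dict, baseline: dict) -> list:
    """Compare tables (keyed like the files in /sys/firmware/acpi/tables/) against
    a baseline of name -> sha256 recorded on a known-good machine."""
    findings = []
    for name, data in tables.items():
        try:
            hdr = parse_header(data)
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
            continue
        if not checksum_ok(data):
            findings.append(f"{name}: checksum invalid")
        if name not in baseline:
            findings.append(f"{name}: {hdr['signature']} table not present in baseline")
        elif table_digest(data) != baseline[name]:
            findings.append(f"{name}: content differs from baseline "
                            f"(OEM {hdr['oem_id']}/{hdr['oem_table_id']})")
    for name in baseline:
        if name not in tables:
            findings.append(f"{name}: table missing")
    return findings


def load_sysfs_tables(root: str = "/sys/firmware/acpi/tables") -> dict:
    """Read the live tables Linux exports (needs root)."""
    out = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                out[name] = fh.read()
    return out


# Constructed sample data; the payload bytes are placeholders, not real AML.
CLEAN_DSDT = build_table(b"DSDT", b"DEMO", b"DEMOBRD", b"constructed-aml-payload-" * 3)
BASELINE = {"DSDT": table_digest(CLEAN_DSDT)}
# An attacker appends code to the DSDT and fixes the checksum, and drops in a new SSDT.
TAMPERED_DSDT = build_table(b"DSDT", b"DEMO", b"DEMOBRD",
                            CLEAN_DSDT[HEADER_LEN:] + b"injected-method")
ROGUE_SSDT = build_table(b"SSDT", b"DEMO", b"INJECTD", b"injected-table")


def demo() -> list:
    return audit({"DSDT": TAMPERED_DSDT, "SSDT1": ROGUE_SSDT}, BASELINE)


if __name__ == "__main__":
    print("tampered DSDT passes checksum:", checksum_ok(TAMPERED_DSDT))
    for line in demo():
        print(line)
```

To use it on a real box, record `{name: table_digest(data)}` from load_sysfs_tables() right after a clean install or firmware update and keep that baseline off the machine; tables legitimately change only when the firmware does, so a differing DSDT or an SSDT that was not there before is worth pulling apart with an AML disassembler.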
  4. Awfully specific by truthsearch · · Score: 5, Funny

    It is going to be about one month before malware comes out to take advantage of this.

    That's an extremely specific prediction. I think we know who they should look at first when these rootkits show up...

  5. Re:Really? by Shanep · · Score: 5, Informative

    Where are such tools? If I knew such things existed, I would have experimented in "bricking" some of my machines YEARS ago

    Well there is UNIFLASH with source code. Then there are the likes of CBROM and AMIBCP to modify BIOS images and remove and add/enable drivers, functionality and boot screen graphics. Here and here are good places for info and tools.

    --
    War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
  6. You Young Whippersnappers! by Anonymous Coward · · Score: 5, Insightful

    Way way back in the summer of 1994 we used to have viruses that would write themselves to the boot sector of our hard drives and some of them would even overwrite our BIOS. I wouldn't expect you to know about it, since it happened so long ago, but those were tough times. Some PC manufacturers would even put antivirus detection software in their BIOS to detect and prevent these BIOS viruses. Sometimes it worked. Other times your system was hosed!

    Grandad Admin.

    In all seriousness, I am surprised at the lack of malicious viruses today. In yesteryear, viruses wiped out data, wiped out file allocation tables, wiped out BIOSes, wiped out PCs. In comparison, today's "malware" seems rather tame or even benign.

  7. Re:What about EFI? by Burz · · Score: 5, Insightful

    A new EFI system is what you're supposed to buy in response to BIOS-scare stories.

    That's what about EFI.