Slashdot Mirror

← Back to Stories (view on slashdot.org)

Persistent BIOS Rootkit Implant To Debut At CanSecWest

Posted by timothy on from the deep-in-the-tunnels dept.

msm1267 writes Research on new BIOS vulnerabilities and a working rootkit implant will be presented on Friday at the annual CanSecWest security conference. An attacker with existing remote access on a compromised computer can use the implant to turn down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed. The devious part of the exploit is that the researchers have found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure and privacy focused operating systems such as Tails in the line of fire of the implant.

Their implant, the researchers said, is able to scrape the secret PGP key Tails uses for encrypted communication, for example. It can also steal passwords and encrypted communication. The implant survives OS re-installation and even Tails' built-in protections, including its capability of wiping RAM.

2 of 120 comments (clear)

  1. Re:Socketed Firmware Here We Come by courteaudotbiz · · Score: 3, Informative

    If you read TFA, it says the attacker has to already have access to the remote computer to root the system, so being cautious in the first place should be OK, or at least sandboxing your hazardous activities in a VM could do the trick.

  2. Re:We desperately need unflashable firmwares by denis-The-menace · · Score: 4, Informative

    Kanguru SS3â with Physical Write Protect Switch
    High-Performance USB3.0 Flash Drive

    http://kanguru.com/storage-acc...

    I agree with you. WP should but the standard, not the esoteric.

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration