Slashdot Mirror

← Back to Stories (view on slashdot.org)

LightEater Malware Attack Places Millions of Unpatched BIOSes At Risk

Posted by timothy on from the nothing's-perfect dept.

Mark Wilson writes Two minutes is all it takes to completely destroy a computer. In a presentation entitled 'How many million BIOSes would you like to infect?' at security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments. The attack could be used to render a computer unusable, but it could also be used to steal passwords and intercept encrypted data. The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufactures reusing code across multiple UEFI BIOSes and places home users, businesses and governments at risk.

3 of 83 comments (clear)

  1. Terrible "Article" by txoof · · Score: 4, Informative

    The "article" is three paragraphs and a few quotes full of FUD. There's no real information in there; it contains no good suggestions as to how to check for or deal with bios infections. It takes three clicks to get to a site that actually has some of the research, but that's just a static page listing conference topics. Don't waste another minute on this nonsense.

    --
    This one's tricky. You have to use imaginary numbers, like eleventeen... --Hobbes
  2. Better link by Psychotria · · Score: 4, Informative

    http://conference.hitb.org/hit...

    Better apart from being a damn slideshow

  3. Re:Hardware is trusted by Lumpy · · Score: 4, Informative

    Most older server motherboards had this. you had to install a jumper to enable write for Bios upgrades. Problem is the first thing you did as a sysadmin is install that jumper and leave it there.

    --
    Do not look at laser with remaining good eye.