Slashdot Mirror


LightEater Malware Attack Places Millions of Unpatched BIOSes At Risk

Mark Wilson writes: Two minutes is all it takes to completely destroy a computer. In a presentation entitled 'How many million BIOSes would you like to infect?' at security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments. The attack could be used to render a computer unusable, but it could also be used to steal passwords and intercept encrypted data. The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufacturers reusing code across multiple UEFI BIOSes and places home users, businesses and governments at risk.

3 of 83 comments

  1. Hardware is trusted by Anonymous Coward · Score: 3, Interesting

    This was expected. A PC has many devices ready to accept new firmware at any moment. All you need is administrator access and you can start uploading new code. BIOS, HDD, DVD, even CPU microcode updates. Previously not that many have bothered, as it has been far more simple to just use some low-hanging Windows exploit. Now that Windows security has improved, blackhats have to up their game.

    1. Re:Hardware is trusted by DarkOx · Score: 4, Interesting

      It would be easy to prevent such attacks by KISS as well. Sticking with something a lot more like BIOS instead of a multi-Megabyte EFI mess.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  2. Ironically by Anonymous Coward · Score: 1, Interesting

    The one company that got suckered into doing Superfish is also pretty much the one company that has an immune UEFI: Lenovo.

    Lenovo system x development actually writes their own firmware rather than going to AMI or someone. They also take directions from a very strict security team that has made them harden against this class of attack for years now (it wasn't a live vulnerability, but the general attack vector has been theorized for a long time).

    Of course, this is the system x team specifically (Servers that begin with x, Flex, BladeCenter, Nextscale) and not necessarily anything else (the part recently purchased from IBM). Although the aforementioned teams came along with the purchase and are starting to call the shots across all enterprise server development (though not necessarily business or consumer PCs/laptops).