Slashdot Mirror
Lenovo Scrambling To Get a Fix For BIOS Vulnerability (theregister.co.uk)
Richard Chirgwin, reporting for The Register: Lenovo, and possibly other PC vendors, are exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can "disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise." The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code. Lenovo complains in its advisory that it tried to make contact with Oleksiuk before he published the vulnerability. The company says the vulnerable System Management Mode software came from an upstream BIOS vendor -- making it likely that other vendors getting BIOS software from the same outlet will also be vulnerable. There's also a hint that Lenovo agrees with a speculation by Oleksiuk, that the code may be an intentional backdoor: "Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability's presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code."
:(
i fully expect UEFI and secure boot to be littered with bugs, glitches, exploits, backdoors (different entities will call them different things but they're all the same.. vulnerabilities) given the nature of what it is, what it is 'supposed to do', what it actually does, how it came about, who pushed for the 'new way to do something' and the actual reasons why (hint: it isn't to protect your computers, data or interests). this "forced migration" to a new "standard" is a million times worse than the linux world's systemd thing... million times worse.
How much you wanna bet the N$A put that in there?
Software based firmware write protection is a joke. It is just as stupid as a door lock on a door and then hiding the key under the flowerpot on the porch.
It is no real protection at all. It should be a hardware switch like in the old days, but no, that increases the costs per device by $0.02 and it makes using the system by dumb people more difficult. Lets not do it and make an extra buck.
And because everyone reasons like this, we are now stuck with huge hardware and software stacks, which inherently cannot be secured, and an entire industry that tries just that, securing crappy systems, and failing at it.
Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware
In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87
How many rootkits does the US[2] use officially or unofficially?
How much of the free but proprietary software in the US spies on you?
Which software would that be?
Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.
How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?
If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?
I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:
APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.
Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.
The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.
Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.
Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware
Not surprised about this at all. A few simple reasons /.) about the company that was doing all sorts of pop-up ad's for a camera (ax-90 or something like that), had an interview with the chief programmer. He stated very specifically that his line was drawn when they figured they could hack the bio's and use that as the cookie storage to know if it was ok to advertise to that person or not
A) Analog (Sci-fi/fact in the 80's) corporate warfare by making chips have vulnerabilities published more than once
B) in the last 11 years ( don't recall exactly ) , a published report ( also posted here in
C) recent discovery about something hidden in the intel chips, while I don't recall exactly when published ( less than 1 year ) it's code was some sort of control mode, not usable generally, but possible research tool to learn more about the chips weakness.
please feel free to add to what I've stated and or clarify a better timeline or cite sources.
if you see me, smile and say hello.
... turns out to not really be better at all. More complexity, more bugs, more features nobody really needs, more enhancements that don't actually do what they're billed to do, more "security" that isn't, more dependency pressure on downstream users and dependent OSes, and more security vulnerabilities courtesy itself, yes. Actually better, no.
Pretty impressive.
You asked for it Lenovo and/or Intel. This turns an incoming buffer into a funciton pointer and executes arbitrary incoming code:
v3 = *(VOID **)(CommunicationBuffer + 0x20);
v4 = CommunicationBuffer;
*(v3 + 0x8)(*(VOID **)v3, &dword_AD002290, CommunicationBuffer + 0x18);
That's moron. You asked for it. Now suck it up. Apologize to the world for creating a obvious backdoor.
I'm quite sure it won't be the only one coming from Intel's headquarters. And yes, security-researchers will keep digging them up and expose them. Forever.
I liked it better when I had to move a jumper before I could flash the BIOS in a machine. That was really quite secure against post-shipment BIOS modification.
Of course, I also can't think of the last time I flashed the BIOS in any of my systems, which makes me wonder why the hell we ever got away from ROMs in the first place...
A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
That's moron.
"Moronic," moron. :-)
It must have been something you assimilated. . . .
Trust us... it's perfectly safe.
I have never enabled the write protection on the flash. It is just an annoying feature that wouldn't do any good in protecting the machines against anything.
Also, by using this they can disable secure boot? I already disabled that to run Linux!
it's a back-door, and back-doors do not build and insert themselves into structures. When NSA delivers the court orders to Intel, they abide, deny, and otherwise don't speak a word of it. This is how it works with U.S. technology these days.
I have ONE word for you... BREVITY!!
I'm not reading any post that long, and I doubt many others will as well
Has any demonstration been done using Linux instead of Windows 10? I don't run Windows on my T420
It is just as stupid as a door lock on a door and then hiding the key under the flowerpot on the porch.
Actually as stupid as a store with gates on its windows and door glass but the front door lock has a twist handle on the inside. Break the glass and open the door...
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
TLDR
Put the BIOS on ROM, on a sim card so it can be replaced dammit! And while we're on the subject, why isn't the OS on a read only chip also? Mine is. It's "live"
“He’s not deformed, he’s just drunk!”
No shock that intentional back doors are in there.
what's the v4 for?
Your post made me thinking about the firmware of the Intel network cards..
what's the v4 for?
To get more mod points.
The premise is: "If what ___ is saying is correct..."
Your Lenovo/etc could be vulnerable to your firmware being hacked even through "Secure Boot"? Secure Boot is a name and is not secure nor is it encrypted. Nothing about Microsoft Windows is secure, it is spyware.
The subtle inference here is that something can EVEN bypass your "Secure Boot". It is not secure. Windows is not secure.
If you have another OS running bare metal on it you probably don't care about "Secure Boot" anyway and likely disable it anyways. If you store sensitive data then encrypt files/folders/partitions etc. Whatever level you require. If you encrypt nothing sensitive then you first need somebody who wants the info on your PC so bad they will go to your location, then they have to do cat burglar stuff and leave with the muahaha chuckles.
Encrypt the things you want encrypted and don't use Windows is the whole story. If there is a BIOS update then say there is a BIOS update. Their reputation relies on whether it is spyware or not or insecure code or not.
Right on!
I didn't read that shit.
not really, since part of having your apartment broken into is KNOWING its been broken into.
key + flowerpot nicely obscures the hack.
whereas broken glass everywhere is a pretty good sign that something has been taken.
Remember; you can't actually prevent someone sufficiently motivated from getting in your house (Axe/sledgehammer/Car will bust pretty much any security measure). But the more destructive they have to be; the more likely the forced entry will be detected.
In the absence of complete security; you may as well opt for security canaries (broken glass is a good one)
IDA pro is not exactly AI. It just "reverses" every machine code instruction to C. In the original machine code, it is probably just a CPU register.
The solution is to switch to a free, open-source BIOS: Libreboot.
Lets get behind a project aimed at modularizing computing and put control over the software and designs into the hands of the community. There is this thing called the EOMA68 standard. It's basically a computer in the format of the old PCMICA cards. It's not PCMICA mind you, but is the same size and looks identical to it. However what is different is that this new standard is enabling the community to design laptops, desktops, tablets, phones and other devices where we're not dependent on any proprietary bits.
The first three devices that have been designed are an inexpensive basic Computer Card designed around the Allwinner A20 CPU and EOMA68 standard (faster 64 bit quad core cards are right around the corner ~6-8 months out). The next two which are part of the Crowd Funding campaign are a desktop housing kit and a laptop housing kit.
The Libre Tea Computer Card, desktop housing, and laptop housing are all completely free of dependencies on proprietary bits including things like keyboard/screen/touchpad controller software. It's really the only design you can be reasonably confident is auditable and NSA-resistant. We also know that the CPU itself is not backdoored because there is evidence how China is backdooring there home-grown systems with this chip and it's at the OS level. We also have the sources for what would be the equivalent of power management/Intel management engine firmware(ie where they're putting the backdoors in Intel, and an equivalent location in AMD CPUs).
https://www.crowdsupply.com/eoma68
also it's an AC