Serious, Stealthy, Deadly BIOS Attack
After covering IT security for well more than a decade, few new attacks scare the freckles off of my back. This persistent BIOS attack, as demonstrated by Alfredo Ortega and Anibal Sacco from Core Security Technologies is one of these new attack techniques.
March 23, 2009
After covering IT security for well more than a decade, few new attacks scare the freckles off of my back. This persistent BIOS attack, as demonstrated by Alfredo Ortega and Anibal Sacco from Core Security Technologies is one of these new attack techniques.One of the scariest malware trends in recent years has been the rise in attention toward rootkits. However, it hasn't been easy developing rootkits that can go undetected. Yet, as they detailed at last week's CanSecWest security conference, it's possible to infect the low-level system instructions of a PC BIOS (basic input/output system) and be undetectable.
Essentially, the BIOS is the instruction set given to the computer before the operating system has loaded -- which also means long before any anti-malware software is protecting the system.
According to the researchers, they insert a small piece of code into the BIOS, and they get complete control of the machine. Most disturbing: the code inserted in the BIOS will survive through re-boots, hard-drive wipes, and attempts at reflashing the BIOS. Ortega and Sacco demonstrated successful attacks on Windows, OpenBSD, and on an OS within WMware Player.
From an entry at the ThreatPost blog:
"It was very easy. We can put the code wherever we want," said Ortega. "We're not using a vulnerability in any way. I'm not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots."
The good news is an attacker needs to have a machine where they have "root" privileges, or they need physical access to a machine. While this attack won't be prevalent over the Internet: would you know if the BIOS in one the machines on your corporate network was altered, and infected in a way that no traditional firewall or antimalware application would pickup?
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024