Main Area and Open Discussion > Living Room
BIOS Level malware attack
Eóin:
Any chance locking BIOS flashing either through a setting or a jumper on the motherboard would make things safer or is that really just a superficial lock?
Stoic Joker:
Any chance locking BIOS flashing either through a setting or a jumper on the motherboard would make things safer or is that really just a superficial lock?
-Eóin (March 28, 2009, 12:20 PM)
--- End quote ---
The "spin" that most of the researchers seemed to put on it implied that that would be a good start ... but it didn't eliminate the isue of other hardware items being targeted.
I'm not intimately familliar with the low lever archetecture stuff ... but I can follow the conversation, and the upshot is that everybody was so busy trying to defend the OS that the box it ran on was completely ignored ... until now. ...Which kinda makes for an "Oh Shit" ripple effect. ...Best I can tell.
Looks like this thing has been brewing since 03.
4wd:
... (except of course on motherboards where the flashrom chip can be removed from the motherboard - most seem to be directly soldered on, though).
-f0dder (March 23, 2009, 04:05 PM)
--- End quote ---
And any motherboard that has dual BIOS chips since the 'backup' BIOS is generally non-writable, (well, at least on the Gigabyte boards), so you can always cross-flash the normal boot BIOS back into the hacked BIOS.
IIRC, the Gigabyte boards also default back to the non-writable BIOS if something out-of-ordinary is detected in the default boot BIOS, (I'll have to read my manual a bit more I think).
Stoic Joker:
... (except of course on motherboards where the flashrom chip can be removed from the motherboard - most seem to be directly soldered on, though).
-f0dder (March 23, 2009, 04:05 PM)
--- End quote ---
And any motherboard that has dual BIOS chips since the 'backup' BIOS is generally non-writable, (well, at least on the Gigabyte boards), so you can always cross-flash the normal boot BIOS back into the hacked BIOS.
IIRC, the Gigabyte boards also default back to the non-writable BIOS if something out-of-ordinary is detected in the default boot BIOS, (I'll have to read my manual a bit more I think).
-4wd (March 28, 2009, 07:02 PM)
--- End quote ---
Not quite, because you still have to boot the afflicted Mboard to perform the flash. In which case the "Bugg" can simply block the overwrite of its own block. The creators of the expliot referred to this "feature" as being trivial to implement.
f0dder:
... (except of course on motherboards where the flashrom chip can be removed from the motherboard - most seem to be directly soldered on, though).
-f0dder (March 23, 2009, 04:05 PM)
--- End quote ---
And any motherboard that has dual BIOS chips since the 'backup' BIOS is generally non-writable, (well, at least on the Gigabyte boards), so you can always cross-flash the normal boot BIOS back into the hacked BIOS.
IIRC, the Gigabyte boards also default back to the non-writable BIOS if something out-of-ordinary is detected in the default boot BIOS, (I'll have to read my manual a bit more I think).
-4wd (March 28, 2009, 07:02 PM)
--- End quote ---
Not quite, because you still have to boot the afflicted Mboard to perform the flash. In which case the "Bugg" can simply block the overwrite of its own block. The creators of the expliot referred to this "feature" as being trivial to implement.
-Stoic Joker (March 28, 2009, 10:13 PM)
--- End quote ---
Well, if the backup BIOS is used to boot, the malware isn't going to activate, is it? :)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version