Yet another revelation has come from the Hacking Team leak: a UEFI-based rootkit which can infect computers and will survive AV scans and even a drive replacement, since it lives in the firmware flash rather than on the disk. The rootkit is designed specifically for UEFI firmware from Insyde, which is found primarily in laptops, from Dell and HP for example. Trend Micro suggested to The Register that the rootkit could also infect AMI's UEFI firmware (AMIBIOS), the type you are familiar with from desktop motherboards, but that has not been confirmed. Trend Micro also intimates that the rootkit could be installed remotely, but so far the evidence suggests physical access is required, as flashing a BIOS tends to. Enabling UEFI SecureFlash, so that only vendor-signed images can be written, guards against the implant being installed, and reflashing a clean, current vendor image will remove it, although depending on the implementation your motherboard uses you may see error messages about updating from an unexpected or corrupt previous version. Keep safe out there, and maybe keep the Flash to your BIOS for now.
"Hacking Team RCS spyware came pre-loaded with an UEFI (Unified Extensible Firmware Interface) BIOS rootkit to hide itself on infected systems, it has emerged following the recent hacking of the controversial surveillance firm."
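The cleanup described above (reflash a clean vendor image) only helps if you can tell an implanted flash from a clean one, and for a firmware implant that means comparing the SPI flash contents against the vendor's image rather than scanning the disk. The following is an added example written for this page, not code from Hacking Team, Trend Micro, Insyde or any OEM: it locates UEFI firmware volumes in two flash images by the `_FVH` signature, verifies the volume header checksum so that stray occurrences of the string inside file data are ignored, walks the FFS files in each volume, and reports files the suspect image adds or alters. The two images are constructed in memory by a small builder; the GUIDs, file bodies and the "extra driver" standing in for an implant are made up for the demonstration. With a real dump you would feed the output of flashrom or chipsec and the matching vendor update image to `diff_images()` instead.

```python
"""Compare two SPI flash dumps by walking their UEFI firmware volumes (FFS2)
and report files the suspect image adds or alters relative to the vendor image.

Added example for this post; not Hacking Team's, Trend Micro's or any vendor's
tool. The two images are constructed in memory by a toy builder so the script
runs offline."""
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"        # lives at offset 40 of EFI_FIRMWARE_VOLUME_HEADER
FV_FIXED_HEADER = 56          # fixed header fields before the block map
FFS_HEADER_LEN = 24           # sizeof(EFI_FFS_FILE_HEADER)
FILE_TYPES = {0x02: "FREEFORM", 0x03: "SEC", 0x04: "PEI_CORE", 0x05: "DXE_CORE",
              0x06: "PEIM", 0x07: "DRIVER", 0x09: "APPLICATION", 0xF0: "PAD"}


def _sum16(data):
    """16-bit little-endian word sum; a valid FV header sums to zero."""
    return sum(struct.unpack("<%dH" % (len(data) // 2), data[:len(data) // 2 * 2])) & 0xFFFF


def _ffs_header_sum(hdr):
    """8-bit sum of the FFS header with IntegrityCheck.File and State zeroed."""
    return (sum(hdr[:17]) + sum(hdr[18:23])) & 0xFF


def _walk_files(image, pos, end):
    """Map file GUID -> (type name, sha256 of file body) for one volume."""
    files = {}
    while pos + FFS_HEADER_LEN <= end:
        hdr = image[pos:pos + FFS_HEADER_LEN]
        if hdr == b"\xff" * FFS_HEADER_LEN:       # erased flash: free space, done
            break
        size = int.from_bytes(hdr[20:23], "little")   # 24-bit size incl. header
        if _ffs_header_sum(hdr) != 0 or size < FFS_HEADER_LEN or pos + size > end:
            raise ValueError("corrupt FFS file header at 0x%x" % pos)
        body = image[pos + FFS_HEADER_LEN:pos + size]
        files[str(uuid.UUID(bytes_le=bytes(hdr[:16])))] = (
            FILE_TYPES.get(hdr[18], "0x%02x" % hdr[18]), hashlib.sha256(body).hexdigest())
        pos = (pos + size + 7) & ~7                # FFS files are 8-byte aligned
    return files


def parse_volumes(image):
    """Return {fv_offset: files} for every volume whose header checksum verifies.
    "_FVH" can also occur inside file data, so the checksum, not the string,
    decides whether a hit is a real volume."""
    volumes = {}
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start = pos - 40
        if start >= 0 and start + FV_FIXED_HEADER <= len(image):
            fv_len, = struct.unpack_from("<Q", image, start + 32)
            hdr_len, = struct.unpack_from("<H", image, start + 48)
            header = image[start:start + hdr_len]
            if (hdr_len >= FV_FIXED_HEADER and len(header) == hdr_len
                    and _sum16(header) == 0 and hdr_len <= fv_len <= len(image) - start):
                volumes[start] = _walk_files(image, start + hdr_len, start + fv_len)
        pos = image.find(FV_SIGNATURE, pos + 1)
    return volumes


def diff_images(vendor, suspect):
    """Files in the suspect image that the vendor image lacks or has different content for."""
    good = {g: v for fv in parse_volumes(vendor).values() for g, v in fv.items()}
    findings = []
    for fv_off, files in parse_volumes(suspect).items():
        for guid, (ftype, digest) in files.items():
            if guid not in good:
                findings.append(("ADDED", fv_off, guid, ftype))
            elif good[guid][1] != digest:
                findings.append(("MODIFIED", fv_off, guid, ftype))
    return findings


def build_fv(files, block_size=0x1000):
    """Toy FFS2 volume builder, used only to construct the sample images below."""
    body = b""
    for guid, ftype, data in files:
        size = FFS_HEADER_LEN + len(data)
        hdr = bytearray(uuid.UUID(guid).bytes_le + b"\x00\xaa" + bytes([ftype, 0x00])
                        + size.to_bytes(3, "little") + b"\xf8")  # file checksum 0xAA, state valid
        hdr[16] = (-_ffs_header_sum(hdr)) & 0xFF                  # header checksum
        body += bytes(hdr) + data + b"\xff" * (-size % 8)
    hdr_len = FV_FIXED_HEADER + 16                # one block-map entry plus terminator
    fv_len = -(-(hdr_len + len(body)) // block_size) * block_size
    ffs2_guid = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3").bytes_le
    hdr = bytearray(b"\x00" * 16 + ffs2_guid
                    + struct.pack("<Q4sIHHHBB", fv_len, FV_SIGNATURE, 0x0004FEFF, hdr_len, 0, 0, 0, 2)
                    + struct.pack("<IIII", fv_len // block_size, block_size, 0, 0))
    hdr[50:52] = ((-_sum16(hdr)) & 0xFFFF).to_bytes(2, "little")  # header sums to zero
    return bytes(hdr) + body + b"\xff" * (fv_len - hdr_len - len(body))


# Constructed sample images (made-up GUIDs and bodies): a vendor image with a DXE
# core and one driver, and a suspect image where that driver was patched and an
# extra DXE driver was added as a stand-in for an implant.
_CORE = ("1b5c9fbe-0000-4000-8000-000000000001", 0x05, b"constructed DxeCore stub")
_DRV = "1b5c9fbe-0000-4000-8000-000000000002"
VENDOR_IMAGE = b"\xff" * 0x100 + build_fv([
    _CORE, (_DRV, 0x07, b"constructed vendor driver (_FVH appears in data on purpose)")])
SUSPECT_IMAGE = b"\xff" * 0x100 + build_fv([
    _CORE, (_DRV, 0x07, b"constructed vendor driver, patched"),
    ("1b5c9fbe-0000-4000-8000-00000000beef", 0x07, b"constructed extra DXE driver")])

if __name__ == "__main__":
    for finding in diff_images(VENDOR_IMAGE, SUSPECT_IMAGE):
        print("%-8s fv@0x%x %s (%s)" % finding)
```

Two caveats a practitioner will want: this walks only top-level, uncompressed FFS2 volumes (it does not descend into compressed sections or nested volumes, which is where real payloads commonly sit), and every difference it reports has to be judged against a vendor image of exactly the same firmware version, since a legitimate update also changes modules.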
Here is some more Tech News from around the web:
- Adobe: We REALLY are taking Flash security seriously – honest @ The Register
- Samsung Galaxy A8 launches with Snapdragon 615 chip and Android 5.1.1 Lollipop @ The Inquirer
- Google can now run your Windows Server installations for you @ The Inquirer
- Rackspace to resell and support Microsoft's Azure @ The Register
- How to Really Delete your Files @ Hardware Secrets
- Asus RT-AC3200 802.11ac Router @ Kitguru
Yeah… I think everyone saw this coming from a long time ago. The more features we get on motherboards' UEFI, the higher the chance there will be more exploits.
Now there will have to be 2 UEFI chips: one you can write to/update, and the other a default UEFI ROM, so if you suspect that the writable UEFI may be harboring a rootkit/malware, then you can boot off of the read-only UEFI/BIOS and reimage/reset (nuke from orbit) the UEFI rewritable flash memory. And then get a secure UEFI update from the device's OEM, or your corporate IT department. This should help keep the system cleaned of any troubles, and could go along with reimaging the system drive with an unmodifiable system ISO for any users, especially the corporate users who go overseas to some very insecure locations. Oh, for the days when a DIP switch or jumper needed to be enabled to flash the BIOS/UEFI. All that extensibility can lead to an extensive threat that cannot be erased with a simple disk wipe and reimage!
UEFI is the biggest fraud in PC history. Created only to accommodate OS manufacturers (excluding GPL). It solved not one of the old BIOS problems but added a whole bag of new ones. And unauthorized access to that software is a million times easier than accessing the good old BIOS.
Yes, I too sometimes miss jumpers to block any tampering with the BIOS. Analog is not always worse than digital. Case in point with UEFI.
“Analog is not always worse than digital. Case in point with UEFI.”
I would suggest that in place of ranting about BIOS and UEFI, some reading may be in order.
“Various precautions to guard against this sort of attack are possible, including enabling UEFI SecureFlash, updating the BIOS whenever there is a security patch and setting up a BIOS or UEFI password,” as Trend Micro explains.
So this is kind of a non-story: attacker X has physical access to a machine with no password protection and no key signing (UEFI SecureFlash), so attacker X can do stuff. You can do the exact same thing with BIOS, or any EFI implementation!