Bad News At Boot; HDD And UEFI Hacks
The Number Of Known UEFI Hacks Has Doubled! To Two …
Thankfully, infecting the UEFI on a motherboard is no small task: you need physical access to the flash chip on the motherboard to implement a hack, and there is no known way to do this remotely. The problem is that once the motherboard’s UEFI is infected, it can do whatever it feels like at boot, long before any antivirus software can attempt to detect it, let alone stop it.
The original UEFI hack involved an anti-theft chip from Absolute Computrace added into the vast majority of OEM laptops. It was intended to ensure that your laptop quietly phoned home frequently, so that if it were stolen Computrace could disable the laptop as well as locate it. If someone were to modify the module to call somewhere else, they could get up to all sorts of nefarious deeds. This prompted Kaspersky Lab to design a firmware scanner that compares a system’s UEFI to a validated one, and recently they discovered a new type of infection.
This one checks for a specific, innocuously named file in the Windows startup folder and, if it isn’t there, copies it in. That tiny file then reaches out to an external server to trigger another file copy and so on, ensuring the infection can persist even through multiple removals. It also allows the attacker to customize the infection to each possible machine or profile, as well as update it. Ars Technica delves into the details in this article.
If that wasn’t scary enough for your Monday, follow this Tweet to an interesting project where Linux is installed to the hardware on a hard drive, not the hard drive itself. This little mod and hack would grant you full access to that drive wherever it ended up, with no one the wiser.
For only the second time in the annals of cybersecurity, researchers have found real-world malware lurking in the UEFI, the low-level and highly opaque firmware required to boot up nearly every modern computer.
More Tech News From Around The Web
- Confirmed NVIDIA Quadro Branding Phased Out for New Products @ ServeTheHome
- NVIDIA Announces $59 Jetson Nano 2GB, A Single Board Computer With Makers In Mind @ Hackaday
- Microsoft says bug, sorry, ‘a latent defect’ in Safe Deployment Process system downed Azure Active Directory @ The Register
- Definitely not Windows 95: What operating systems keep things running in space? @ Ars Technica
- Red Hat tips its Fedora 33: Beta release introduces Btrfs as default file system, .NET on ARM64, plus an IoT variant @ The Register
- Tech’s New Gig Worker Underclass: Customer Service Reps Who Have to Pay to Talk to You @ Slashdot
- GOG Galaxy client will start selling Epic Games Store games @ Rock, Paper, SHOTGUN
- This Week In Security: PunkBuster, NAT, NAS And MP3s @ Hackaday
- Don’t have a flight stick? Turn an Xbox controller into a HOTAS using a 3D printer @ Rock, Paper, SHOTGUN