You And I And UEFI Vulnerabilities

Source: Ars Technica

I Don’t Mean To Alarm Anybody, But I Think We’re Being Followed

Recent security research has revealed that someone is teaching Trickbot new tricks, and this one is right nasty. Trickbot started out as a minor villain, a trojan that enabled nefarious types to commit bank fraud, but over the years it has become more of a criminal mastermind, able to infect a wide variety of systems in different ways. Black hats now rent out their stables of Trickbot-infected machines to scumbags, who steal from those machines or use their combined processing power to attack a different target. It now seems to be scanning machines to see which ones have UEFI firmware that will accept unauthorized modifications.

Until now, UEFI infections have required physical access to the target computer, which gave us at least a modicum of reassurance, but that respite is over. Currently some Trickbot networks are scanning machines to see if a hidden driver for RWEverything can be dumped on a machine and run, though thankfully they still have a -whatif switch applied. Read & Write Everything, if you haven’t run into it, is software used to update firmware or to get hardware information from a machine, and it is a rather handy tool, so it is sad to see it being used in this way.

This is bad news: not only is this new attack vector incredibly difficult to detect, it will be even harder to remove. It could be used as a perpetual source of infection with just a wee bit of code added to your UEFI; remove the malware from your OS as often as you wish, but it will reappear after every reboot until your UEFI is replaced. The attack could even just wipe the UEFI or modify it to an unusable state, which would make your next reboot your last one.

Here’s hoping hardened UEFIs become commonplace before this new attack does!

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

1 Comment

  1. Tarrasik

    How about just reflashing your bios?
