26 Mar 2009
A new form of attack that installs a rootkit directly onto a computer's Bios system would render anti-virus software useless, researchers have warned.
Alfredo Ortega and Anibal Sacco of Core Security Technologies explained that the attack is possible against almost all types of common Bios systems in use today.
The researchers devised a 100-line Python script that could be flashed onto the Bios to install a rootkit. Because the Bios software activates before any other program on a computer when it starts up, normal anti-virus software would be unable to detect it.
"We tested the system on the most common types of Bios," said Ortega. "There is the possibility that newer types of Extensible Firmware Interface Bios may be resistant to the attack, but more testing is needed."
The attack is only possible if the attacker already has full administrative control of the target PC, but this is possible through a standard virus infection. Once that is achieved, the malware operator would be able to flash a rootkit directly onto the Bios.
Even if the initial virus was detected and removed, the computer would still be under remote control. A full wipe of the hard drive and complete reinstallation of the operating system would not remove it, the researchers warned.
If a sophisticated rootkit was put onto the Bios it could be even more difficult for an administrator to debug the system, according to Ivan Arce, chief technology officer at Core Security.
"You would need to reflash the Bios with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the Bios chip."
The attack vector is also usable against virtual systems, the researchers said. The Bios in VMware is embedded as a module in the main VMware executable, and thus could be altered.
However, it is possible to protect against this attack by locking down the Bios chip from flash updates, either physically or by password-protecting the system against unauthorised changes.
"The best approach is preventing the virus from flashing onto the Bios," said Sacco. "You need to prevent flashing of the Bios, even if it means pulling out the jumper on the motherboard."
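Arce's advice above depends on knowing whether the firmware currently in the chip is the one the vendor shipped. The following is an added example, not code from Core Security or from the article: it compares a firmware image dumped from the chip against a known-good reference image, reports whether the SHA-256 digests match, and, if not, lists the byte ranges that were changed. The two images are constructed inline; in practice the reference would come from the vendor's download and the dump from a hardware programmer, and the function names here are this example's own.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample images, not real firmware: a "golden" reference image
# of 1024 bytes of predictable filler, and a dump of the same image in
# which two regions have been altered (both alterations are constructed).
GOLDEN_IMAGE = bytes(range(256)) * 4
_dump = bytearray(GOLDEN_IMAGE)
_dump[0x100:0x110] = b"\xEB\xFE" * 8          # 16-byte region changed
_dump[0x3F0:0x3F4] = b"\x00\x00\x00\x00"       # 4-byte region changed
DUMPED_IMAGE = bytes(_dump)


def image_digest(image: bytes) -> str:
    """SHA-256 of a whole firmware image, for comparison against a vendor hash."""
    return hashlib.sha256(image).hexdigest()


def differing_regions(reference: bytes, candidate: bytes) -> List[Tuple[int, int]]:
    """Return (start, end) byte ranges (end exclusive) where the images differ.

    Bytes are compared pairwise up to the shorter length; a length mismatch is
    reported as one extra region covering the trailing bytes.
    """
    regions: List[Tuple[int, int]] = []
    n = min(len(reference), len(candidate))
    start = None  # offset where the current run of differing bytes began
    for i in range(n):
        if reference[i] != candidate[i]:
            if start is None:
                start = i
        elif start is not None:
            regions.append((start, i))
            start = None
    if start is not None:
        regions.append((start, n))
    if len(reference) != len(candidate):
        regions.append((n, max(len(reference), len(candidate))))
    return regions


def verify_image(reference: bytes, candidate: bytes) -> Dict[str, object]:
    """Summarise whether a dumped image matches the reference and where it deviates."""
    ref_digest = image_digest(reference)
    cand_digest = image_digest(candidate)
    match = ref_digest == cand_digest
    return {
        "match": match,
        "reference_sha256": ref_digest,
        "candidate_sha256": cand_digest,
        "regions": [] if match else differing_regions(reference, candidate),
    }


if __name__ == "__main__":
    result = verify_image(GOLDEN_IMAGE, DUMPED_IMAGE)
    print("match:", result["match"])
    for start, end in result["regions"]:
        print(f"modified bytes at 0x{start:04X}-0x{end - 1:04X} ({end - start} bytes)")
```

A digest mismatch on its own only says the image is not the expected one; the region list is what tells an administrator whether the difference is a benign vendor update or a small patch dropped into the middle of the firmware, and it gives the offsets to inspect before deciding to reflash or, as Arce suggests, replace the chip.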
BIOS business boost
You all understand that with computers that cannot boot many users will find themselves with fully functional hardware needing just a new BIOS to make it work. So this virus is a promotion for the BIOS and motherboard vendors, also for workshops. Are they behind the virus? Or the "genius" doesn't know for whom they are working? Go get your pay-check!
Posted by: Armando 25 Feb 2010
Change BIOS to Read-Only
This can probably be prevented by activating the "anti-virus" option found in most BIOS. This will render the BIOS chip read-only.
Posted by: Agricolae Maximus 29 Nov 2009
This is not New!
This has always been possible; I've worked with BIOS chips, PROMs and PCI ROMs. The problem is that the WWW (and other input) facing appliances are not being properly protected (sandboxed) by the operating system(s) BEFORE they reach the master system kernel data! Interoperability is also an enemy of security if not very carefully planned!
Posted by: J D 23 Nov 2009
BIOS
It's an acronym. BIOS. Not Bios.
Posted by: Ryan 22 Nov 2009
Rid my PC from the bugs
I was very happy that I found the antispyware solution from Search-and-destroy to help me rid my PC from the bugs that threaten its overall performance. I'm sure that you already know that when you search the wide world of cyberspace you pick up spyware and viruses that can make your computer run slow and sluggish. Over time, it will completely stop working if you don't find a good scan to prevent this from happening.
Posted by: Daniel123 30 Mar 2009