
BIOS infection method found

Once again the world has proven that nothing is impossible, especially in high technology. Two computer security specialists from Argentina, Alfredo Ortega and Anibal Sacco, demonstrated to a wide audience at the CanSecWest security conference a method of placing malicious code in the BIOS!
After infection, the machine is fully controlled by the attacker. The most interesting part is that no amount of data deletion will cure the machine; even after reflashing the BIOS (!) it remains infected. Also interesting: the infection was carried out from Windows, from OpenBSD, and even on a VMware virtual machine running OpenBSD. True, it requires administrator rights or physical access to the machine. According to the researchers, the infection can be delivered through device drivers by adding a small patch to them, after which a full rootkit settles into your BIOS for a very long time. In this way it is also possible to remove or disable antivirus software.
I hope that a cure for this threat will be found before the inspired brains of the script kiddies come up with this method.

upd. For the non-believers and those shouting that this is yellow journalism, I am citing the conference and its review on the Threatpost.com blog.

upd2. Moved to Information Security, thanks for the karma.


Source: https://habr.com/ru/post/55498/