Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 23rd, 2009

New BIOS Attack Might Allow Malware To Survive Hard-disk Format And BIOS Reflashing

A pair of Argentinian researchers have found a way to perform a BIOS-level malware attack capable of surviving even a hard-disk wipe. The researchers, Alfredo Ortega and Anibal Sacco from Core Security Technologies, used the stage at last week’s CanSecWest conference to demonstrate methods for infecting the BIOS with persistent code that will survive reboots and reflashing attempts. The technique involves patching the BIOS with a small bit of code that gives them complete control of the machine. The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player.

“It was very easy. We can put the code wherever we want,” said Ortega. “We’re not using a vulnerability in any way. I’m not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots.”

Sacco and Ortega stressed that executing the attacks requires either root privileges or physical access to the machine in question, which limits the scope. But the methods are deadly effective, and the pair are currently working on a BIOS rootkit to implement the attack.

“We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable anti-virus,” Ortega said.

Rob Lemos at SecurityFocus explains that the attack method requires a machine that’s already compromised, but the scary part is that it completely prevents a defender from easily deleting an attacker’s program or rootkit.

“You can remove the hard drive, trash it, and even reinstall the operating system,” Sacco said. “This will still reinstall the rootkit.”

Credit: Security Blogs
