Researchers demo BIOS attack that survives hard-disk wipe

For discussions about security.
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Researchers demo BIOS attack that survives hard-disk wipe

#1 Post by Flash »

http://blogs.zdnet.com/security/?p=2962
...The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player...

...in order to execute the attacks, you need either root privileges or physical access to the machine in question...
How do you inspect the contents of a BIOS?

Sage
Posts: 5536
Joined: Tue 04 Oct 2005, 08:34
Location: GB

#2 Post by Sage »

BIOS virii are as old as flash BIOS chips. In the early days, I continued to use clocked 286s in preference to 3/486s because most had non-volatile BIOSes (no battery backing). There are plenty of ('doze) utilities for interrogating the BIOS on the InterWeb - nothing new there. I've been using some of them to force settings not provided in the truncated access provided by the suppliers via the DEL key. Ten years ago, every kiddie knew how to clock their cr*p (esp. Phoenix) BIOS on their proprietary boxes. The bigggggggest problem remains education, education, education. We must stop Americans, in particular, buying proprietary boxes - it degrades knowledge acquisition about the tools they use. It's deliberate, it's leverage - they know what criminals like e.g. bankers and M$ do to ruin their nation, but education has been so bad over there that they persist with blind stupidity and indolence for the sake of lifting a little screwdriver. Building PCs should be taught in schools alongside the evils of capitalism.

Patriot
Posts: 733
Joined: Thu 15 Jan 2009, 19:04

#3 Post by Patriot »

Hmmm ...

I've yet to encounter a BIOS-infecting virus. Corrupted ones due to virus attack, yes, many times, a long time ago. The ones I've seen get corrupted nowadays are due to the user's own doing (with the help of the manufacturer's auto-update) or due to a malfunction.

There are many ways to look at the BIOS. BIOS update flashing tools and settings modification tools are aplenty. Patching tools are hard to come by but still available if you really want them. I normally don't "patch" them unless I need something specific.

I dare say that I'm the least worried about BIOS-infecting viruses. Most of the NT-based systems under my watch don't even use antivirus ... Downtime? None was due to viruses ...

Rgds

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

Re: Researchers demo BIOS attack that survives hard-disk wipe

#4 Post by nooby »

Flash wrote:
http://blogs.zdnet.com/security/?p=2962
...The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player...

...in order to execute the attacks, you need either root privileges or physical access to the machine in question...
How do you inspect the contents of a BIOS?

Flash, to answer your question: it seems possible for the crooks out there attacking from outside, so it should be possible for us from inside too. But I have no clue.

I used Google and found these three links in haste. I have not looked into whether they really say how.

http://books.google.se/books?id=TKEAQmQ ... 3F&f=false

How do I inspect the content of the BIOS.

The next two links seem to only tell how one goes into the BIOS settings before booting up, so that doesn't really address our concern, but it could help somebody doing a search, so I include them.

http://www.iomega.com/support/documents/2157.html

and

http://www.michaelstevenstech.com/bios_manufacturer.htm

The first link seems to be a book and has inside info on what the bad guys do to our computers, and maybe some link in the book has the info we are curious about.

Edit: yes, very good book, that one.

http://en.wikipedia.org/wiki/Coreboot

http://www.openfirmware.info/Welcome_to_OpenBIOS
LinuxBIOS Project Usenix Paper

"The LinuxBIOS project has published a paper on using the open source bios code from bochs to help boot unmodified OSes such as Windows 2000, which was presented at the recent Usenix Conference. This was mentioned previously on Slashdot, but this paper gives more technical details on how they did it, some details about future possibilities, and their guiding philosophies behind this project."
http://developers.slashdot.org/article. ... 10/1434210

Most likely somewhere in those texts or links there is info on how to dump the BIOS of our machines and then use tools in Linux to compare them with the original BIOS and change them back to the default?
I use Google Search on Puppy Forum
not an ideal solution though
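Taking up the dump-and-compare idea in the post above, here is an added example (not from the thread or from any of the linked projects): a Python script that compares a dumped BIOS image with the vendor's original and lists the byte ranges that differ. It assumes the dump was taken with a tool such as flashrom (run as root) and that a known-good vendor image is at hand; the file names are placeholders.

```python
"""Compare a dumped BIOS image against a known-good reference image.

Constructed example, not from the thread. A real dump would come from a tool
such as flashrom (`flashrom -p internal -r dump.bin`, as root); the images are
plain bytes here so the script runs offline.
"""
import hashlib
import sys
from typing import List, Tuple


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an image, for a quick same/different verdict."""
    return hashlib.sha256(data).hexdigest()


def diff_ranges(reference: bytes, dump: bytes) -> List[Tuple[int, int]]:
    """Half-open byte ranges [(start, end), ...] where the images differ.
    A size mismatch becomes a trailing range over the extra bytes."""
    ranges: List[Tuple[int, int]] = []
    n = min(len(reference), len(dump))
    start = None
    for i in range(n):
        if reference[i] != dump[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, n))
    if len(reference) != len(dump):
        ranges.append((n, max(len(reference), len(dump))))
    return ranges


def report(reference: bytes, dump: bytes) -> str:
    """Hashes of both images plus every modified region, one per line."""
    lines = [f"reference sha256: {sha256_hex(reference)}",
             f"dump      sha256: {sha256_hex(dump)}"]
    ranges = diff_ranges(reference, dump)
    if not ranges:
        lines.append("images are identical")
    for start, end in ranges:
        lines.append(f"modified: 0x{start:06x}-0x{end:06x} ({end - start} bytes)")
    return "\n".join(lines)


if __name__ == "__main__":  # usage: compare_bios.py vendor.bin dump.bin
    print(report(open(sys.argv[1], "rb").read(), open(sys.argv[2], "rb").read()))
```

A differing region is only a lead, not a verdict: vendor images often contain NVRAM or settings areas that legitimately change between dumps, so compare those offsets against the vendor's layout before concluding anything.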
