Persistent BIOS Rootkit Implant To Debut At CanSecWest


Jason Hennessey

Mar 19, 2015, 3:00:08 PM
to <moc-technical@googlegroups.com>, Ari Trachtenberg
Thought this would be of interest, especially WRT Hardware as a Service.

Jason


http://it.slashdot.org/story/15/03/19/1319244/persistent-bios-rootkit-implant-to-debut-at-cansecwest
Research on new BIOS vulnerabilities and a working rootkit implant will be presented on Friday at the annual CanSecWest security conference. An attacker with existing remote access on a compromised computer can use the implant to turn down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed. The devious part of the exploit is that the researchers have found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure and privacy-focused operating systems such as Tails in the line of fire of the implant.

Their implant, the researchers said, is able to scrape the secret PGP key Tails uses for encrypted communication, for example. It can also steal passwords and encrypted communication. The implant survives OS re-installation and even Tails' built-in protections, including its capability of wiping RAM.
