Jump to content

backdoors in the BIOS


johnnyrage
 Share

Recommended Posts

hey folks

was reading this article on awgh blog about new bios's from intel etc which will be programable to setup networking,keylogging and disk access before an o/s has even been booted into,the scary thing is that the source code has been released which in the wrong hands could be used for malicious attacks in future,i can also remember reading somewhere about the chinese having backdoors in motherboards etc :unsure:

will this render antivirus and firewall software obsolete :unsure:

just thought it would be an intresting topic and see what uz guys think about it

Link to comment
Share on other sites

Malware in the BIOS is the ultimate malware. If done properly it would be near undetectable, and only removable by way of a device that flashed the chip without using the chip to boot.

Difficult to create, probably just as difficult to deploy reliably (without killing motherboards)

Link to comment
Share on other sites

First things first anti-virus and firewall software are already useless. Software that protects against other software doesn't work.

Next, just because the source is released doesn't mean its less secure. Open Source software tends to be more secure. Security through obscurity is no security at all.

Link to comment
Share on other sites

http://hackaday.com/2008/05/20/phlashing-d...k-the-new-hype/

There's also the risk of somebody bricking it remotely, but that's true now with most devices that recieve firmware updates over the net and don't have any way of verifying integrity (which most do).

As long as mobo's still have removable bios chips, there's still a way to recover a bad flash by using a programmer for a microcontroller to flash the clean bios on. with the chip programmer, you can also dump the malicious firmware to a file for forensic analysis.

Link to comment
Share on other sites

Malware in the BIOS is the ultimate malware. If done properly it would be near undetectable, and only removable by way of a device that flashed the chip without using the chip to boot.

Difficult to create, probably just as difficult to deploy reliably (without killing motherboards)

Psh, China's been building this into all of our motherboards for years *Puts Tin Foil Hat Back On*

....oh no, they know i talked...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...