Vulnerabilities in the bios make virtually any computer vulnerable to malware




Vulnerabilities in the bios make sure that almost all PCs currently are susceptible to malware. Security researchers have a security conference a proof-of-concept shown such malware that could infect 80 percent of the PCs.

Because the malware operates at the level of the cinema, the operating system does not matter. The researchers show in their presentation proof-of-concepts with both Windows 10 and Tails, secure Linux-based operating system that traces knew when it shuts down. With their method, the researchers were able to intercept a PGP key from Tails.

The proof-of-concept works because the researchers are using a flaw in a mode for Intel x86 and ’64’-Intel architecture. In that architecture has System Management Mode, or SMM , always read / write access to all memory even as Tails used. Malware can exploit that secretly to read from the memory of an affected machine. The proof-of-concept is called Light Eater and makes use of Intel Serial Over LAN to infect the bios.

In System Management Mode is special software such as firmware and debuggers with elevated administrator privileges performed among other applications such as energy management, management of system components, and so on. From the Snowden-disclosures revealed that the NSA already SMM abused in a similar way as the researchers demonstrate now.

The infection may be from malicious attachments in email as expired on a UEFI system program is available to update the bios. If this is not the case then it requires physical access to a system, for example, to go with a USB stick to infection about. This could in two minutes, the researchers show.

The researchers contacted all manufacturers, but because of the amount of vulnerabilities in the bios of the manufacturers have not all responded. Dell has promised to patch the vulnerabilities and Lenovo wants to fix the vulnerabilities. Other manufacturers of systems whose bios would be vulnerable, Asus, HP and LG.


In: Technology & Gadgets Asked By: [15509 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »