Millions of flawed BIOSes can be infected using simple two-minute attacks that need no technical skill and require only access to the PC to carry out.
…Kovah and Kallenberg’s talk aims both to highlight the dangers and capabilities of BIOS attacks and to stress the need for system administrators to apply vendor patches, something they say is not being done.
They will demonstrate attacks against the BIOS on Gigabyte, Acer, MSI, HP, and Asus machines, using the LightEater implant, on systems running the privacy-focused Tails platform, to siphon GPG keys from memory to a flash chip.
…“Then we’ll boot up the infected HP system and show how LightEater can use the Intel Serial Over LAN technology to exfiltrate data from SMM (System Management Mode), without needing a NIC-specific driver.
…Simple pattern matching can make it so that tools can just assemble BIOS implants for any model on demand,” Kovah says, adding that he expects attackers already know this.
…“So, we didn’t even have to do anything special; we just had a kernel driver write an invalid instruction to the first instruction the CPU reads off the flash chip, and bam, it was out for the count, and never was able to boot again,” Kovah says.
The duo will also reveal automated scripts, already supplied to vendors, that can detect dangerous attacks against SMM, a mode capable of reading and writing all system memory.
BIOS attacks surfaced on the public record through the research community, but, as leaked Snowden documents reveal, it was likely the National Security Agency that first exploited the vector.
The research pair says the attacks should serve as a boot in the arse for governments and corporations to apply BIOS patches if only to make life more difficult for less-resourced hostile spy agencies.
“I personally find it very ironic that things like Tails gained popularity as OPSEC tools thanks to Snowden, while at the same time Snowden’s leaks showed that the NSA had the capability to defeat such mechanisms if they wanted to.”