Topic: LightEater malware attack places millions of unpatched BIOSes at risk


http://betanews.com/2015/03/21/lighteater-malware-attack-places-millions-of-unpatched-bioses-at-risk/

Quote
Two minutes is all it takes to completely destroy a computer. In a presentation entitled "How many million BIOSes would you like to infect?" at security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments.

The attack could be used to render a computer unusable, but it could also be used to steal passwords and intercept encrypted data. The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufacturers reusing codes across multiple UEFI BIOSes and places home users, businesses and governments at risk.

Talking to The Register, Kovah explained that the problem is made worse because of the fact that very few people take the trouble to update their BIOS. This is something the pair are hoping to change by highlighting the ease with which an unpatched BIOS can be infected with malware.

Introducing the vulnerability, Kallenberg and Kovah said:

   
Quote
So you think you're doing OPSEC right, right? You're going to crazy lengths to protect yourself, reinstalling your main OS every month, or using a privacy-conscious live DVD like TAILS. Guess what? BIOS malware doesn't care! BIOS malware doesn't give a shit!

The malware can be used to infect huge numbers of systems by creating SMM (System Management Mode) implants which can be tailored to individual BIOSes with simple pattern matching. A BIOS from Gigabyte was found to be particularly insecure.

   
Quote
We didn't even have to do anything special; we just had a kernel driver write an invalid instruction to the first instruction the CPU reads off the flash chip, and bam, it was out for the count, and never was able to boot again.

The vulnerability is something that has already been exploited by the NSA, but the researchers are encouraging businesses and governments to take the time to install BIOS patches that plug the security hole.

White Stripes
Re: LightEater malware attack places millions of unpatched BIOSes at risk
« Reply #1 on: March 24, 2015, 04:26:56 am »
I still don't know why motherboard vendors don't include the 'BIOS write protect' jumper anymore...

GhostShip
Re: LightEater malware attack places millions of unpatched BIOSes at risk
« Reply #2 on: March 24, 2015, 06:58:51 am »
I'm puzzled, how is this not new vulnerability leveraged without physical access to the machine?

We all know of such issues in real life but the access requirements allow us to sleep easy. Is this story about a piece of code that writes the BIOS while the main O/S is running, or something else?

White Stripes
Re: LightEater malware attack places millions of unpatched BIOSes at risk
« Reply #3 on: March 24, 2015, 07:49:25 am »
Quote from: article
....just had a kernel driver write an invalid instruction....

Quote from: ghostship
...writes the bios while the main o/s is running...

Yep... need root (or admin as Windows calls it) to do it tho... harder to get on a Linux/Unix (Mac.. Android..) system than a typical Windows install, so the code could be delivered in anything from a worm to a 'look at this' trojan email...

Pri
Re: LightEater malware attack places millions of unpatched BIOSes at risk
« Reply #4 on: March 25, 2015, 05:52:11 am »
It's possible to, for example, visit a malicious website that uses a vulnerability in the browser to jump out of the browsing sandbox to the OS, then use another vulnerability in the OS to get kernel level access, and then execute the instruction to overwrite part of the BIOS, making the system unbootable.

The only fix then would be to either get a new BIOS chip or own a motherboard that allows you to flash the BIOS using zeroboot via a USB stick. Some Asus motherboards support this feature, my own one does and many of their newer boards from 2012+. Basically you load the BIOS firmware on a USB flash drive and at the back of the motherboard is a USB port clearly labelled for BIOS updates only, it's usually flipped vertically from the other USB. You put the stick there, apply power to the board (but it doesn't need to be booted or even have RAM or a CPU installed) and then hit the Flash button at the back of the I/O panel.

I'm glad Asus added that functionality. Also if you have a motherboard with IPMI (this is rarer on consumer stuff, mainly found on server and workstation boards) you can flash the BIOS over a network connection through a webpage hosted by a daughter board / auxiliary chipset on the motherboard and that too would fix the BIOS after being corrupted.

Another safeguard: if you have a board with dual BIOS chips (many do now, including my own; most of Gigabyte's and Asus's boards include this feature), you can simply hit a button on the motherboard or switch a jumper to switch chips, allowing you to re-flash the broken chip. Just obviously don't boot back into your operating system until you've reflashed the bad chip, in case whatever caused the problem is still there.

And finally, you can just buy a new BIOS chip pre-flashed with your motherboard's firmware. I've done this in the past for a server board that was too outdated for me to update, as it didn't support the CPU I intended to use in it. This is the company I used, and they charge about $13 for a chip, which is small potatoes really: http://www.bios-chip24.com/ They had the new chip to me within 3 days and it worked perfectly, had the exact firmware on it that I requested and booted fine.
