LightEater Malware Attacks Millions of BIOS Chips

CommanderFrank

We’ve all heard the old maxim that ‘software doesn’t destroy hardware’, but BIOS malware LightEater is an exception to that rule. LightEater can be used just to steal passwords and intercept data or it can render your BIOS useless, preventing your computer from booting.

The problem is made worse because of the fact that very few people take the trouble to update their BIOS. This is something the pair are hoping to change by highlighting the ease with which an unpatched BIOS can be infected with malware.
 
I tried looking into this. The article talks about how these guys are emulating what was disclosed as being used by the NSA to infiltrate electronic devices. It takes advantage of SMM (System Management Mode). But what I can't tell is if this can be done in a normally operating system or if the system has to physically be compromised (i.e., booted into a special mode).

I would guess this is related to the ability to patch BIOS directly from an operating system now versus having to boot into the BIOS or DOS and load an image manually. I actually prefer the manual method. I do not like the idea of my BIOS being open for flash at the operating system level.
 
Why the FK would the Bios be write-able unless you move a jumper on the motherboard over to enable writes? With the WR pin shut off on the rom chip .... not the cmos ram, but the actual bios rom .... tied OFF by jumper the Bios can never ever be corrupted until you deliberately switch the jumper position to enable writes?

All of $.005 to provide solid security .... DaFuq. :rolleyes:
 
Why the FK would the Bios be write-able unless you move a jumper on the motherboard over to enable writes? With the WR pin shut off on the rom chip .... not the cmos ram, but the actual bios rom .... tied OFF by jumper the Bios can never ever be corrupted until you deliberately switch the jumper position to enable writes?

All of $.005 to provide solid security .... DaFuq. :rolleyes:
Because 90% of computers are owned by people who have no idea what a jumper is and would be scared shitless to open up their computer?

And yet PC manufacturers still need to be able to update the BIOS of their customers' PCs without sending out a technician?
 
Someone correct me if I'm wrong. The vulnerability is in unpatched UEFIes not BIOSes. From a quick Google search I see that some articles are saying that UEFI BIOSes are at issue. This makes no sense; doesn't UEFI sit on top of BIOS (firmware)?

 
Why the FK would the Bios be write-able unless you move a jumper on the motherboard over to enable writes? With the WR pin shut off on the rom chip .... not the cmos ram, but the actual bios rom .... tied OFF by jumper the Bios can never ever be corrupted until you deliberately switch the jumper position to enable writes?

All of $.005 to provide solid security .... DaFuq. :rolleyes:

Damn near every modern motherboard or PC vendor has tools/apps that can update the BIOS while the user is in Windows. And before you write the BIOS, it needs to get wiped in most cases. Your post feels like it is straight out of 1995.
 
Ummm... it is actually super easy to brick a BIOS just by using a command line switch to force flash a corrupt BIOS or cross flash to a BIOS not meant for your board.

There is absolutely no need to use special code to do this.

For that matter, you can brick just about any piece of hardware that has a flashable BIOS if you really want to.

Way to over complicate the fact that you can on-purpose brick a BIOS.
 
Yeah, leave the engineering to people who know what the fuck they are talking about.

When was the last time ASUS (or whoever) "rolled out" Bios updates to idiot customers? This isn't Windows Update. Those same customers do not know enough to go to the manufacturer website and download and update the bios. In fact most people don't until something doesn't work that requires an update be done to solve a problem.

Big installations have an IT Dept that does the work. In the interest of SECURITY there needs to be a write-enable physical interlock ... a Jumper ... to prevent the VIRUS/Hacker from doing precisely what the motherboard manufacturer does to update THROUGH SOFTWARE the Bios flashrom.

You can always leave the jumper in for dummies, and they will get hacked, oh well. But the rest of us who know better would set the jumper to "manual" so that the Bios update software (regardless of where it is run, CD USB Windows Linux) will have NO effect until someone physically moves the jumper.

The Industry could implement a switch or key on the back of the case to enable the Bios overwrite, but the entire POINT is to have a physical interlock to prevent the Bios from being hacked ..... by preventing the write enable signal to the flashrom (discrete chip or inside southbridge, etc) unless authorized by the computer user or IT dept.

How is this a difficult concept? S E C U R I T Y :eek::rolleyes:
 
Wow, interesting! Hope I never meet a person or run across this myself!
 