IDNetters Forums

Technical News & Discussion => Windows News & Discussion => Topic started by: Rik on Mar 25, 2009, 10:59:23

Title: Rootkits to infect the BIOS
Post by: Rik on Mar 25, 2009, 10:59:23
El Reg (http://www.theregister.co.uk/2009/03/24/persistent_bios_rootkits/) reports that:

Quote: Researchers have demonstrated how to create rootkits that survive hard-disk reformatting by injecting malware into the low-level system instructions of a target computer.

The researchers, from Core Security Technologies, used the techniques to inject rootkits into two computers, one running the OpenBSD operating system and the other Windows. Because the infection lives in the computer's BIOS, or basic input/output system, it persists even after the operating system is reinstalled or a computer's hard drive is replaced.

While researchers have focused on BIOS-based rootkits for at least three years, earlier techniques generally attacked specific types of BIOSes, such as those that used ACPI, or Advanced Configuration and Power Interface. The techniques demonstrated by the Core researchers work on virtually all types of systems, they said.

Of course, injecting code into the BIOS is no easy feat. It requires physical access to the machine or an exploit that hands an attacker unfettered root access. But the research, presented at last week's CanSecWest security conference by Anibal L. Sacco and Alfredo A. Ortega, does demonstrate that infections will only become harder to spot and remove over time. ®

Now that is worrying...  :shake:
Title: Re: Rootkits to infect the BIOS
Post by: Odos on Mar 25, 2009, 11:13:42
Worrying yes but it's nothing new.

Years ago when I was active in programming you could do this type of thing from Dos. I don't know, but I always assumed this was why they put password protection on bios modification. On my last few motherboards I've not seen the option to "lock" the bios, wonder if it will return now  :dunno:
Title: Re: Rootkits to infect the BIOS
Post by: Rik on Mar 25, 2009, 11:17:16
It sounds like it might have to, Tony. :(
Title: Re: Rootkits to infect the BIOS
Post by: Simon on Mar 25, 2009, 11:20:25
I sometimes wonder if all the scaremongering gives malware writers ideas that they wouldn't otherwise have had?
Title: Re: Rootkits to infect the BIOS
Post by: Rik on Mar 25, 2009, 11:21:08
Possible, but probably not. :)
Title: Re: Rootkits to infect the BIOS
Post by: gizmo71 on Mar 25, 2009, 11:42:13
Quote from: Odos on Mar 25, 2009, 11:13:42
Years ago when I was active in programming you could do this type of thing from Dos. I don't know, but I always assumed this was why they put password protection on bios modification. On my last few motherboards I've not seen the option to "lock" the bios, wonder if it will return now  :dunno:

I always assumed the password protection was just to stop casual tampering by people with physical access. It never occurred to me that it might prevent programmatic access. Perhaps in future it will if it didn't already.
Title: Re: Rootkits to infect the BIOS
Post by: Odos on Mar 25, 2009, 11:50:56
I learned a long time ago the only "secure" system was one that cannot be turned on  :hehe:

But on a more serious note, as far as I know the only secure bios is one that resides on a Rom and not an Eprom. The downside of course is the only way of upgrading means replacing the chip as in the old BBC micros, I personally prefer this method though  ;D
Title: Re: Rootkits to infect the BIOS
Post by: Rik on Mar 25, 2009, 11:52:44
Me too, I remember it well. :)