LightEater malware attacks UEFI BIOSes
I've been wondering about UEFI BIOSes myself for a while now. Sure, they look and work great, but a UEFI BIOS is an OS on its own, and as such rather vulnerable. At the security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments.
An unpatched BIOS can easily be infected with malware or a virus. Motherboards from companies like Gigabyte, Acer, MSI, HP and Asus are at risk, especially if you are not regularly updating your BIOS to the latest revision (and let's be frank here, who does?).
Betanews writes the following on the topic. Introducing the vulnerability, Kallenberg and Kovah said:
So you think you're doing OPSEC right, right? You're going to crazy lengths to protect yourself, reinstalling your main OS every month, or using a privacy-conscious live DVD like TAILS. Guess what? BIOS malware doesn't care! BIOS malware doesn't give a shit!
The malware can be used to infect huge numbers of systems by creating SMM (System Management Mode) implants which can be tailored to individual BIOSes with simple pattern matching. A BIOS from Gigabyte was found to be particularly insecure.
We didn't even have to do anything special; we just had a kernel driver write an invalid instruction to the first instruction the CPU reads off the flash chip, and bam, it was out for the count, and never was able to boot again.
The vulnerability is something that has already been exploited by the NSA, but the researchers are encouraging businesses and governments to take the time to install BIOS patches that plug the security hole.
Senior Member
Posts: 4647
Joined: 2008-04-12
Maybe I missed it in the article but how exactly does the system become infected in the first place? I mean it's all well talking about BIOS updates but if the only method of infection requires someone with a USB stick to have direct access to the computer then it's all a bit pointless then isn't it?
Senior Member
Posts: 100
Joined: 2014-12-30
Good thing I don't use BIOS anymore, long live UEFI.
Senior Member
Posts: 19558
Joined: 2010-04-21
UEFI is still a BIOS for all intents and purposes and can generally be switched back to Legacy BIOS too.
EDIT -
Senior Member
Posts: 22422
Joined: 2008-07-14
This affects UEFI.....not the old, outdated BIOS system, which actually had mechanisms to prevent such attacks. You should really re-read the OP....
Senior Member
Posts: 11808
Joined: 2012-07-20
If there is anything I can say about Asus BIOS updates for mobo, it is that they are frequent and good, job well done.
Unlike support for Xonar series... if that poses a threat I hope they release counter BIOS fast.
Do you mean things like their G73 bios update which if performed from other than fat32 filesystem ended up bricking notebooks?