
LightEater malware attacks uEFI BIOSes

by Hilbert Hagedoorn on: 03/21/2015 01:36 PM | 55 comment(s)

I've been wondering about UEFI BIOSes myself for a while now. Sure, they look and work great, but a UEFI BIOS is an OS in its own right, and as such rather vulnerable. At the CanSecWest security conference, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments.

An unpatched BIOS can easily be infected with malware or a virus. Motherboards from companies like Gigabyte, Acer, MSI, HP and Asus are at risk, especially if you are not regularly updating your BIOS to the latest revision (and let's be frank here, who does?).

As betanews writes on the topic, introducing the vulnerability, Kallenberg and Kovah said:

"So you think you're doing OPSEC right, right? You're going to crazy lengths to protect yourself, reinstalling your main OS every month, or using a privacy-conscious live DVD like TAILS. Guess what? BIOS malware doesn't care! BIOS malware doesn't give a shit!"

The malware can be used to infect huge numbers of systems by creating SMM (System Management Mode) implants which can be tailored to individual BIOSes with simple pattern matching. A BIOS from Gigabyte was found to be particularly insecure.

"We didn't even have to do anything special; we just had a kernel driver write an invalid instruction to the first instruction the CPU reads off the flash chip, and bam, it was out for the count, and never was able to boot again."

The vulnerability is something that has already been exploited by the NSA, but the researchers are encouraging businesses and governments to take the time to install BIOS patches that plug the security hole.

 









Rich_Guy
Senior Member



Posts: 13039
Joined: 2003-05-11

#5034646 Posted on: 03/22/2015 07:27 PM
We've survived this long, so...........

nexxusty
Senior Member



Posts: 84
Joined: 2013-04-10

#5034657 Posted on: 03/22/2015 07:46 PM
I've flashed thousands of BIOSes.

Nothing to worry about.

I'm not embellishing that number even slightly either.

Also, Asus USB BIOS flashback does not check for a signed bios. Still.

UBU (UEFI Bios Editor) and me are close friends. Trust.

Sergio
Senior Member



Posts: 254
Joined: 2013-03-22

#5034741 Posted on: 03/22/2015 10:12 PM
UEFI really didn't take off until a good while after Win7 shipped, and from what you say here it appears you have a standard bios and do not have a UEFI system. (Pay no attention to the UEFI markings on your USB stick--that's just advertising... ;)) The main point to UEFI is the secure-boot function, which was designed to stop viruses and other malware that were getting into bioses and systems ahead of the operating system at boot time--before the OS AV components could act to eradicate it. Coming in under the OS like that a nasty bit of software could actually take over a machine without having to go through the OS at all--and secure-boot UEFI eliminates that possibility (pretty much) and because it's a program accessible to the OS that means that any OS-resident AV software can see right down through the UEFI--and if it spots a nasty can act to kill it from the OS level after the system boots. The older, standard bios has no protection during boot and if something gets into the bios it probably wouldn't allow itself to be flashed out of existence, so the only way to fix it would be to pop in a new bios chip.

Chances of ordinary people running into something like this even with a standard bios is very remote. This is the kind of thing you see in a targeted attack, usually espionage at the corporate level. But even there it is not at all common--at least as far as detection goes... ;)

Thanks a lot for explanations and information @waltc3, really appreciated.

F1refly
Senior Member



Posts: 9042
Joined: 2004-07-31

#5034748 Posted on: 03/22/2015 10:31 PM
Good thing I don't have a bios.

Angrycrab
Senior Member



Posts: 276
Joined: 2013-10-26

#5034764 Posted on: 03/22/2015 11:02 PM
I have the F10 bios version installed on my Gigabyte Z68, which is a legacy bios.
Should I be worried?
