LightEater malware attacks uEFI BIOSes

Published by

"Talking to The Register, Kovah explained that the problem is made worse because of the fact that very few people take the trouble to update their BIOS. This is something the pair are hoping to change by highlighting the ease with which an unpatched BIOS can be infected with malware."
Oh, I keep my BIOS updated, when the manufacturer actually releases updates (Yea ASUS, 3 years ago was my last update, thanks).
If there is anything I can say about ASUS BIOS updates for mobos, it is that they are frequent and good, job well done. Unlike support for the Xonar series... if that poses a threat I hope they release a counter BIOS fast.
My latest BIOS I flashed last September! So, do we need another BIOS update to patch this exploit or will it just be left as they think no one will actually use it?
updating your BIOS on a regular basis
I just follow the general rule of "if it ain't broken, don't fcking touch it", since you know, updating a bios is not without risks.
So ASRock is out on this one? 😀
Interesting. I flashed the BIOS on my ASUS Z97-Pro to 1204, which had been the latest for a while until they released another update to allow compatibility with Broadwell CPUs. This makes me wonder if this affects BIOSes on the boards they mentioned that have never ever been flashed/patched by the user.
Looks like Intel boards are getting BIOS updates for longer than AMD boards with ASUS
Looks like Intel boards are getting BIOS updates for longer than AMD boards with ASUS
intel got bigger P that's y 😀
If there is anything I can say about ASUS BIOS updates for mobos, it is that they are frequent and good, job well done. Unlike support for the Xonar series... if that poses a threat I hope they release a counter BIOS fast.
Do you mean things like their G73 BIOS update, which if performed from other than a FAT32 filesystem ended up bricking notebooks?
Maybe I missed it in the article but how exactly does the system become infected in the first place? I mean it's all well talking about BIOS updates but if the only method of infection requires someone with a USB stick to have direct access to the computer then it's all a bit pointless then isn't it?
Good thing i don't use BIOS anymore, long live UEFI.
UEFI is still a BIOS for all intents and purposes and can generally be switched back to Legacy BIOS too.
EDIT - The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufacturers reusing codes across multiple UEFI BIOSes and places home users, businesses and governments at risk.
Good thing i don't use BIOS anymore, long live UEFI.
This affects UEFI.....not the old, outdated BIOS system, which actually had mechanisms to prevent such attacks. You should really re-read the OP....
Maybe now the MB manufacturers will stop saying that updating your BIOS is at your own risk. I try to keep my BIOS up to date but it can be a pain sometimes. I ended up having to flash my current board with the internet option because the USB method failed every time.
Saw this coming.
I noted in this story the word "implant"...this seems to denote hardware and the implication is that if you cannot get your hands on a machine physically you cannot "implant" [whatever it is] and cannot crack secure boot. The nature of this "implant" is murky at best... Also, nobody knows what the NSA does and what it doesn't do. I'm amazed at all of the self-appointed NSA spokespersons there are for the NSA these days...;) People don't work for the NSA and yet think they know "all about it"....strange, but true...
I think lots of people may be running their UEFI in Legacy mode without realizing it...run msinfo32 to check...if you see the following two entries you are OK:
    Bios mode            UEFI
    Secure boot state    ON
If you have UEFI but you are not using secure boot, those entries will read:
    Bios mode            LEGACY
    Secure boot state    OFF
and you are not getting the security benefit of your UEFI when it runs in Legacy mode.
We didn't even have to do anything special; we just had a kernel driver write an invalid instruction to the first instruction the CPU reads off the flash chip, and bam, it was out for the count, and never was able to boot again.
If you have injected a kernel driver on the target computer there is no need to do any more, and you can count such a computer at your service. I suspect that a HW programmer can repair a ruined BIOS.
I just built a computer with a UEFI BIOS and I can understand why it's vulnerable, but the software does make it much easier to update. The motherboard I got (ASUS) came with some management software that downloads and patches the BIOS in seconds, automatically. I guess the real problem is when ASUS move on and stop supporting that motherboard.