Researchers Demo BIOS Attack That Survives Disk Wipes

suraj.sun writes "A pair of Argentinian researchers have found a way to perform a BIOS level malware attack capable of surviving even a hard-disk wipe. Alfredo Ortega and Anibal Sacco from Core Security Technologies — used the stage at last week's CanSecWest conference to demonstrate methods (PDF) for infecting the BIOS with persistent code that will survive reboots and re-flashing attempts. The technique includes patching the BIOS with a small bit of code that gave them complete control of the machine. The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player."

I've already had BIOS malware

[Rosco P. Coltrane]

preinstalled, on ASUS boards: it was the BIOS itself. It too survived hard disk wipes, but it didn't survive my sledgehammer.

Re:I guess it's official.

[Dunbal]

It's official - we're screwed.

      Happy news for most of the nerds on this site who sigh and collectively whisper "Finally!"

Re:I guess it's official.

[Anonymous Coward]

It's official - we're screwed.

      Happy news for most of the nerds on this site who sigh and collectively whisper "Finally!"

/golfclap

PDF

[JewGold]

Wait, you want me to open a PDF [slashdot.org] from folks who know how to create such a supervirus? Hmm.

Re:why is it OS dependant

[Drakkenmensch]

Because without direct access to the physical computer, it requires (as any other malware or virus does) an entryway from the internet and cooperation from the operating system. Anyone can destroy my laptop with the keys to my appartment and a sledgehammer, but doing it from a distance requires a windows flaw to exploit.

Re:PDF

[L4t3r4lu5]

It's already too late for you, I'm afraid. You've already read the stub of the article which was copied from the original website by another person. The virus jumped through their monitor (writing directly onto their retina using a zero-day exploit) which was then transcoded into nerve pulses. These were transfered to the poster's fingers which caused very small, but significant, induced current in their keyboard. The virus travelled through the USB port and into the PC, and got posted to slashdot. It now resides in your brain, and mine, ready to be exploited at the author's whim.

Or, you really need to take off the tinfoil hat.

Re:Requires root privileges or physical access

[bev_tech_rob]

The nice thing about this exploit requiring physical access is that you may have a fairly decent chance to catching the perp and applying a size 13 (my shoe size) patch upside their head or backside. Then make them pay for a new systemboard after they trashed your current one with this nasty bit of code....

Re:PDF

[MadKeithV]

There is some irony in the fact that most botnet zombies are indeed caused by lack of brains.

Doesn't affect me

[NotQuiteReal]

I boot without a bios - by toggling in raw machine code from the front panel switches!

Re:I guess it's official.

[wassabison]

This is a brilliant idea. To make it better, we will eventually want to allow this program on the motherboard to take updates. Of course at this point we will need another program to monitor the updates to our program that monitors the updates to the bios. To make that better, it will also have to take updates...

Re:Fatal flaw: No BIOS reset

[wastedlife]

Add another layer to your tinfoil hat?

Re:Intel only?

[xystren]

Then again, 99% of the users out there wouldn't open their case for anything, they're afraid the magic pixies will escape...

No magic pixies in my case... It's fighting Uraki that live in my case...

Uraki are much k00ler than magic pixies...{rolling eyes}

Cheers,
Xyst