Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Intel Technology

New Intel Firmware Boot Verification Bypass Enables Low-Level Backdoors (csoonline.com) 43

itwbennett writes: At the Hack in the Box conference in Amsterdam this week, researchers Peter Bosch and Trammell Hudson presented a new attack against the Boot Guard feature of Intel's reference UEFI implementation, known as Tianocore. The attack, which can give an attacker full, persistent access, involves replacing a PC's SPI flash chip with one that contains rogue code, reports Lucian Constantin for CSO. "Even though such physical attacks require a targeted approach and will never be a widespread threat, they can pose a serious risk to businesses and users who have access to valuable information," writes Constantin. Intel has patches available for Tianocore, but as we all remember from the Meltdown and Spectre vulnerabilities, distributing UEFI patches isn't an easy process.
This discussion has been archived. No new comments can be posted.

New Intel Firmware Boot Verification Bypass Enables Low-Level Backdoors

Comments Filter:
  • What if they use some other interface to connect the flash that the BIOS is on? Can you still use this attack?

    Lames. That's as dumb as when people were flashing Xbox BIOS and it was called a "TSOP reflash".

    • The attack isn't based on SPI; but I assume that the barrier to entry would be higher if, say, the flash were in the same package as the Platform Controller Hub or similar.

      SPI flash chips(in the package types commonly sold) have the advantage(to the attacker or the tinkerer, and to the OEM and cost-conscious customer) of being a discrete part that's pretty trivial to swap; and sufficiently standardized that changing vendors or capacities(up to a point; not going to replace eMMC or SATA DoM; but if you nee
    • by gweihir ( 88907 )

      "TSOP reflash"? That one is special! Could have called is "Epoxy reflash" or "Copper reflash". Also, any halfway competent security expert knows that a competent attacker with physical access has usually won.

  • by Anonymous Coward

    We may need this hack to deal with the "brave new world" we are being monstered into.

  • bullshit (Score:4, Informative)

    by gravewax ( 4772409 ) on Friday May 10, 2019 @08:06PM (#58572172)
    No it really doesn't pose a credible threat to businesses that possess sensitive or valuable information. If you are stupid enough or vulnerable enough that a hacker can physically open your machine and replace a chip then they could install a thousand other backdoors, keyloggers, wiretaps or any other cheaper easier devices to exfiltrate information.
    • Re:bullshit (Score:4, Interesting)

      by iggymanz ( 596061 ) on Friday May 10, 2019 @08:27PM (#58572216)

      heck in this day and age you don't even need to touch a PC, just have physical access to office to put in little camera to watch the screen, microphone for phone calls, etc. Just sub for the guy that changes light bulbs or works on HVAC... or vacuums and empties wastebaskets after hours. how about slapping fake access point or smoke detector on ceiling, most people don't even pay attention to that stuff.

      • You're living in 1980's movies (Wall Street). Military corporations and major banks do background checks on employees of outsourced infrastructure maintenance companies.

        • Thank goodness background checks are 100% effective against well-funded bad guys.
        • Casinos don't. Ask me how I know.

          • I get full background checks every 2 years, and I work for a casino.
            • I don't work for a casino. I'm an electrical/data contractor. I run the power, category wire, and fiber. And also terminate it all. I basically have free reign when I'm there.

        • you are living with your head up your ass if you imagine the illegal aliens these cleaning companies in the major cities employ really had a proper background check. just like they didn't have their citizenship checked when their amigoes at the DMV gave them a drivers license.

    • by rtb61 ( 674572 )

      People also tend to forget, when you connect your computer to the internet, the entire internet becomes a part of your hardware system. Simple rule of thumb, want it secure, do not connect it to the internet, internal network only. There is no reason internal work computers need to have anything at all to do with external communications computers, entirely separate networks and entirely separate devices.

      Some companies do need a bridge between the two, but that bridge should be a separate and specific system

    • by AHuxley ( 892839 )
      Thats why smart people hire really, really smart people to do all that on site pen testing.
      So nobody can get past security, ask the cleaner, take an elevator to the "physically open your machine" part of the building.
      Why risk the network seeing "exfiltrate information" attempts when the person can walk back in a week later and collect the data?
      The huge firewall detected nothing :)
  • by kiwioddBall ( 646813 ) on Friday May 10, 2019 @10:16PM (#58572474)

    Clearly this is dumb.

    I discovered a vulnerability on Intel machines this morning. If I have physical access to a machine and have a USB thumb drive, by issuing the copy command I can easily transfer files from the hard disk to the thumb drive!

    Talking to the uninformed media this morning, I said "Even though such physical attacks require a targeted approach and will never be a widespread threat, they can pose a serious risk to businesses and users who have access to valuable information."

    • I said "Even though such physical attacks require a targeted approach and will never be a widespread threat, they can pose a serious risk to businesses and users who have access to valuable information."

      Funny, that's exactly what the guy with the wrench said!

    • Comment removed based on user account deletion
  • Great TAO attack (Score:4, Interesting)

    by Gravis Zero ( 934156 ) on Saturday May 11, 2019 @04:17AM (#58573224)

    This is an ideal Tailor Access Operations [wikipedia.org] attack because all you have to do is intercept the computer before it's delivered and reprogram a couple chips. I'm sure the NSA has used this attack already and because it requires physical access nobody is making a big fuss to push out the fix.

Talent does what it can. Genius does what it must. You do what you get paid to do.

Working...