One of the notable trends in recent years has been the drive, among malicious actors, to compromise devices in new and hard-to-detect ways. One area of interest and exploration is malicious software that attacks a computer’s BIOS, the small piece of firmware that runs when a computing device is first powered on. BIOS malware is so powerful because it offers adversaries a foothold on a system before the operating system, and the security features and applications that run on it, have loaded. A successful BIOS attack gives the attacker almost total control over the system it is installed on.
BIOS malware isn’t a new idea. In fact, it has been around since the late 1990s, when the Chernobyl virus (also known as CIH) was identified. That virus could overwrite a machine’s BIOS as well as the contents of its hard drive. But BIOS threats have been getting more attention lately. Proof-of-concept BIOS malware appeared in 2007. In 2011, virus researchers working for a Chinese firm identified MEBROMI, malware that infected the BIOS and the master boot record of systems in that country.
Last year, the NSA warned about offensive cyber weapons developed by the Chinese military that could infect the BIOS and ‘destroy’ the systems they were installed on. NIST and others have called on manufacturers to harden the BIOS, or to replace it with a more robust, attack-resistant alternative.
For all the warnings, though, BIOS attacks are difficult to pull off. In fact, the most high-profile report of BIOS-based malware in recent years, the so-called BadBIOS malware that plagued machines owned by the noted security researcher Dragos Ruiu, is believed by some to be a figment of Ruiu’s fevered imagination.
To sort it all out, I sat down with Brian Richardson, a Senior Technical Marketing Engineer with Intel’s Software and Services Group and Intel’s representative to the UEFI Forum, where he sits on the industry communications working group. The UEFI Forum is a community effort by leading technology and PC firms to modernize the boot process.
UEFI stands for “Unified Extensible Firmware Interface”. The UEFI specification defines a new model for the interface between personal-computer operating systems and platform firmware. While UEFI is mostly used today to manage large installations of servers and desktops, it has applications that will be just as useful in the kind of distributed computing environments that we’re going to see in the coming years with the Internet of Things.
I started by asking Brian how UEFI addresses the kinds of security threats associated with BIOS malware. Check out the podcast below to hear our entire conversation.
Listen on Security Ledger
Listen on Soundcloud.com