UEFI rootkits

madires:
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us (https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/)

Marco:
I want my write protect jumper back.

twospoons:

--- Quote from: Marco on July 28, 2022, 07:21:46 pm ---I want my write protect jumper back.

--- End quote ---

Me too. It's such a ridiculously simple solution to bios security.

MrMobodies:

--- Quote ---Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced.
--- End quote ---

Oh dear.

So even if I install an operating system in "non UEFI" mode on a "UEFI" system and someone downloaded and ran it, I wonder whether it would still be able to operate from the firmware despite it not booting from UEFI?


--- Quote ---While researchers from fellow security firm Qihoo360 reported on an earlier variant of the rootkit in 2017, Kaspersky and most other Western-based security firms didn’t take notice. Kaspersky’s newer research describes in detail how the rootkit—found in firmware images of some Gigabyte or Asus motherboards—is able to hijack the boot process of infected machines. The technical underpinnings attest to the sophistication of the malware.
--- End quote ---

Does that mean that older "non UEFI" systems are going to be a bit safer from this kind of vulnerability?

It seems like the same pattern to me where certain features are introduced that are out of the user's control and can end up working against them.

Nominal Animal:

--- Quote from: twospoons on July 28, 2022, 09:48:34 pm ---
--- Quote from: Marco on July 28, 2022, 07:21:46 pm ---I want my write protect jumper back.

--- End quote ---
Me too. It's such a ridiculously simple solution to bios security.

--- End quote ---
Me three.

Cryptographic signature checking won't fix this, either.  Large companies have shown that they just cannot keep the private keys sufficiently private; they always leak, humans being humans.
