When The Motherboard Comes With a Virus



Fanboi

Well-Known Member
Joined
Apr 16, 2021
Messages
499
Reaction score
406
Credits
6,114
Literally why I keep saying hardware-based security is pointless; just as you can flash a bad ROM onto your mothboard, so you can clear one, which translates to hardware locks. Now a sane manufacturer would not start panicking and leave this alone. But they won't. Nah, perfect excuse to add some additional security chip running a stripped down MINIX/BSD kernel + some weird alt userland. As it stands, this attack has 2 weaknesses:
1) As stated, just flash your board's ROM before anything.
2) Use an external packet filter. Either flash an old router or use an SBC and there you go, payload blocked... Well, unless they built a tiny executable that the "badBIOS" could load into an area of RAM marked as "bad" (to ensure it was left alone by the system) and then loaded it later on as, say a driver etc... That'd need skill.

Of course, biggest problem is this will "justify" more locking down of the system and we all know how that will go. Sad thing is that this is actually not that dangerous now that we know it exists (as is the case with ~90% exploits). I mean you just add "flash my BIOS" to the steps in building your PC or setting up your laptop.

If users take responsibility, security is a trivial issue for the home computer. And the more open it is, the better. I hear "easier exploit" but also "easier patch/solution".

Just my 2c. Be responsible, keep up to date on security news globally, treat all aoftware and hardware as untrusted. Should be fine. BTW, thanks for the heads-up, speaking of up to date with security news.
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
7,298
Reaction score
6,195
Credits
24,880
Might be worth moving this to Linux Security and pinning it for a while, it's a good read, with a good response.

I'll see if my fellow Staffers @Rob and @KGIII and @arochester have any thoughts on the matter, they could PM me in one of our Mod Threads.

If any problems with that, Alex, sing out.

Cheers

Chris
 
OP
Alexzee

Alexzee

Well-Known Member
Joined
Jun 1, 2019
Messages
2,295
Reaction score
1,117
Credits
11,914
Might be worth moving this to Linux Security and pinning it for a while, it's a good read, with a good response.

I'll see if my fellow Staffers @Rob and @KGIII and @arochester have any thoughts on the matter, they could PM me in one of our Mod Threads.

If any problems with that, Alex, sing out.

Cheers

Chris
Thanks, mate!

Have a great day-:)
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Members online


Latest posts

Top