When The Motherboard Comes With a Virus



Literally why I keep saying hardware-based security is pointless; just as you can flash a bad ROM onto your mothboard, so you can clear one, which translates to hardware locks. Now a sane manufacturer would not start panicking and leave this alone. But they won't. Nah, perfect excuse to add some additional security chip running a stripped down MINIX/BSD kernel + some weird alt userland. As it stands, this attack has 2 weaknesses:
1) As stated, just flash your board's ROM before anything.
2) Use an external packet filter. Either flash an old router or use an SBC and there you go, payload blocked... Well, unless they built a tiny executable that the "badBIOS" could load into an area of RAM marked as "bad" (to ensure it was left alone by the system) and then loaded it later on as, say a driver etc... That'd need skill.

Of course, biggest problem is this will "justify" more locking down of the system and we all know how that will go. Sad thing is that this is actually not that dangerous now that we know it exists (as is the case with ~90% exploits). I mean you just add "flash my BIOS" to the steps in building your PC or setting up your laptop.

If users take responsibility, security is a trivial issue for the home computer. And the more open it is, the better. I hear "easier exploit" but also "easier patch/solution".

Just my 2c. Be responsible, keep up to date on security news globally, treat all aoftware and hardware as untrusted. Should be fine. BTW, thanks for the heads-up, speaking of up to date with security news.
 
Might be worth moving this to Linux Security and pinning it for a while, it's a good read, with a good response.

I'll see if my fellow Staffers @Rob and @KGIII and @arochester have any thoughts on the matter, they could PM me in one of our Mod Threads.

If any problems with that, Alex, sing out.

Cheers

Chris
 
Might be worth moving this to Linux Security and pinning it for a while, it's a good read, with a good response.

I'll see if my fellow Staffers @Rob and @KGIII and @arochester have any thoughts on the matter, they could PM me in one of our Mod Threads.

If any problems with that, Alex, sing out.

Cheers

Chris
Thanks, mate!

Have a great day-:)
 

Members online


Latest posts

Top