BIOS Too Easily Bypassed

More and more hardware stores wish to use the NIST 800-155 specification to keep BIOS firmware more secure on both PCs and laptops. However, a team of researchers from the MITRE Corporation states that the approach currently in use relies too heavily on access control mechanisms. Their reasoning is that these mechanisms are currently easy to bypass.

 

The researchers plan to unveil newly developed concepts that can quietly get past the TPM (Trusted Platform Module) chip, leaving it to believe that nothing is wrong with the software. The malware can then keep infecting the BIOS even after the BIOS has been altered in any way, for example after it has been reset or flashed. Even an update may not be able to secure the software in this case.

 

How the Malware Gets Past BIOS

 

As of now, the BIOS flash chip contains the code required for the system TPM chips to function. They are needed so that the measurement and the PCR (Platform Configuration Register) keep the BIOS from being infected. However, affecting this code with the malware allows it to manipulate the PCR into changing its value, following an inconsistency between this and the TPM.
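The measurement and PCR mechanism described above can be modelled in a few lines. This is an added example, not code from the MITRE researchers or from the original post; the region names, sample images and the `reports_reference` stand-in are constructed assumptions. It shows which kinds of tampering a verifier catches and why it cannot detect measuring code that has itself been replaced in the same flash chip.

```python
import hashlib

def measure(image: bytes) -> bytes:
    """Honest measurement: SHA-256 of a firmware region."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def boot(regions, measurer=measure):
    """Measure each flash region in order; return (final PCR, event log).
    The measurer is a parameter because on the platform it is itself
    code read from the BIOS flash chip."""
    pcr, log = bytes(32), []
    for name, image in regions:
        digest = measurer(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def verify(pcr, log, reference):
    """Verifier side: replay the log, then compare with known-good digests."""
    replayed = bytes(32)
    for _, digest in log:
        replayed = extend(replayed, digest)
    if replayed != pcr:
        return "log does not match PCR"
    if any(reference.get(name) != digest for name, digest in log):
        return "unexpected measurement"
    return "ok"

# Constructed sample data, not real firmware.
GOOD = [("boot block", b"vendor boot block 1.0"), ("main BIOS", b"vendor main BIOS 1.0")]
MODIFIED = [GOOD[0], ("main BIOS", b"vendor main BIOS 1.0 + unknown code")]
REFERENCE = {name: measure(image) for name, image in GOOD}

def reports_reference(image: bytes) -> bytes:
    """Stand-in (assumption) for measuring code that was replaced in flash:
    it reports the known-good digest instead of hashing what is present."""
    return REFERENCE["main BIOS"] if image == MODIFIED[1][1] else measure(image)

def scenarios():
    pcr, log = boot(MODIFIED)
    log[1] = ("main BIOS", REFERENCE["main BIOS"])  # log edited after boot
    return {"clean flash": verify(*boot(GOOD), REFERENCE),
            "modified flash, honest measurer": verify(*boot(MODIFIED), REFERENCE),
            "modified flash, edited log": verify(pcr, log, REFERENCE),
            "modified flash, replaced measurer": verify(*boot(MODIFIED, reports_reference), REFERENCE)}
```

The last scenario returns "ok": the PCR and log are internally consistent, so detection has to come from a measurement source that does not live in the writable flash being measured.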

 

Two different pieces of malware that are said to be unveiled at Black Hat are called the “tick” and the “flea” for their abilities to either be stealthy or jump between BIOS revisions. The flea is said to be able to predict a firmware update and hide itself as part of the update as well.

 


© 2014 Hyphenet, Inc.