BIOS Vulnerability Still Roaming Wild despite Warnings

A multi-year effort to prevent hackers from altering computers while they boot up has largely failed and the flaws are still being exploited despite their disclosures. According to researchers from the federal founded MITRE lab, many Intel customers have still not adopted the revised security design distributed in March after even more vulnerabilities were discovered.

This could leave many newer Windows computers exposed, MITRE told Reuters ahead of their Black Hat presentation.

Intel’s point person on the issue, Bruce Monroe, said that he didn’t know how many suppliers and computer makers had followed Intel’s recommendations. “We’re not privy to whether they’ve fixed it or not. We asked them to let us know.”

The NSA Director Keith Alexander already urged the chief executives of major American technology companies years ago to do something about the boot-up procedure (BIOS). Because the start-up code is given more authority, hackers who break the code can make major changes to programs and hide their presence as well as survive power-down and reboots.

The successor called Unified Extensible Firmware Interface (UEFI) is widely adopted now and has features like secure boot where digital signatures are checked before code is run. Microsoft was one of the first to embrace the new system with their Windows 8.

With flaws like this, it’s no surprise that well-funded spying programs as those exposed by Edward Snowden can continue to succeed against targets that depend on a complex supply chain.

MITRE made a similar presentation at last years Black Hat conference where Corey Kallenberg and Xeno Kovah broke into Dell’s boot-up process. Since the talk they have deployed sensors to about 10.000 computers to determine whether the boot procedures were still vulnerable. A shocking 55 percent of them still were, but the actual percentage is said to be even higher as the checks were done by Intel’s old UEFI guidelines that still allowed for memory corruption.

The threat is very real as shown for recent events. The 2011 Mebromi attack on Chinese computers using the Phoenix BIOS, last years report by Der Spiegel about the NSA tool called DeityBounce and just earlier this year Reuters reported about a U.S. Defense Contractors product, priced over $100k, for “incapacitating target computers by attacking BIOS and other critical elements”.

Thank you Reuters for providing us with this information

Images courtesy of Hardware Analysis