It is estimated that millions of computers contain vulnerabilities in the BIOS (Basic Input/Output System) chip that allow attackers to infect a system permanently and then steal all kinds of data and information. Researchers from LegbaCore showed this in a proof of concept last week at the CanSecWest conference in Vancouver. The BIOS contains a set of basic instructions for communication between the operating system and the hardware. It is essential for the operation of the computer and is also the first major piece of software loaded on the computer.
During their demonstration, the researchers presented several “incursion” vulnerabilities in System Management Mode (SMM). SMM is a mode of Intel processors that allows firmware to perform certain functions. By using this mode, for example, the contents of the BIOS chip can be modified or used to install a “payload”. Hence, it is possible to install rootkits that steal passwords and other data from the compromised system.
SMM malware also makes it possible to read all the data in the machine’s memory. The researchers showed how they were able to gain access to a BIOS through the incursion vulnerabilities and then install the “LightEater SMM payload”. Using this malware they could steal GPG keys, passwords and decrypted messages from the Tails privacy operating system on an MSI computer.
Tails is a privacy and security-oriented operating system that can be loaded from DVD or USB stick.
To install the BIOS malware, an attacker has two options. The first is through malware on the computer, delivered for example via an infected email or a drive-by download. The second is to have physical access to the system. The researchers have reportedly already notified several manufacturers of the problem, and these are now working on a solution.
Even if BIOS updates are released, they will probably have little effect: most people do not install BIOS updates, the researchers said.
What to do
Update your BIOS to the latest version and keep track of future BIOS updates.
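One way to keep track of the installed BIOS level on a Linux machine is shown below, as an added example that is not from the researchers or the original article. It reads the SMBIOS fields the kernel exposes under /sys/class/dmi/id and compares the BIOS date with a baseline; the `BASELINE` table, its model name and its date are constructed placeholders to be replaced with releases checked on the vendor's support page.

```python
"""Flag a machine whose BIOS is older than the release an admin has approved."""
from datetime import date, datetime
from pathlib import Path

DMI_DIR = Path("/sys/class/dmi/id")  # Linux sysfs view of the SMBIOS tables
FIELDS = ("sys_vendor", "product_name", "bios_vendor", "bios_version", "bios_date")

# Constructed baseline (placeholder values): product name -> release date of
# the newest BIOS the admin has confirmed on the vendor's support page.
BASELINE = {"EXAMPLE-MODEL-A": date(2015, 3, 1)}

def read_dmi(dmi_dir=DMI_DIR):
    """Return the DMI fields as a dict; unreadable or missing files become ''."""
    info = {}
    for name in FIELDS:
        try:
            info[name] = (Path(dmi_dir) / name).read_text().strip()
        except OSError:
            info[name] = ""
    return info

def parse_bios_date(text):
    """SMBIOS dates are MM/DD/YYYY; older firmware may use a two-digit year."""
    for fmt in ("%m/%d/%Y", "%m/%d/%y"):
        try:
            return datetime.strptime(text, fmt).date()
        except ValueError:
            continue
    return None

def assess(info, baseline=BASELINE):
    """Return 'current', 'outdated' or 'unknown' for one machine."""
    installed = parse_bios_date(info.get("bios_date", ""))
    approved = baseline.get(info.get("product_name", ""))
    if installed is None or approved is None:
        return "unknown"  # no baseline entry or unparsable date: check by hand
    return "current" if installed >= approved else "outdated"

if __name__ == "__main__":
    info = read_dmi()
    print(f"{info['product_name']} BIOS {info['bios_version']} "
          f"({info['bios_date']}): {assess(info)}")
```

The version and date are reported by the firmware itself, so this check tracks patch level only and cannot show that a BIOS is free of an implant.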