It is estimated that millions of computers contain vulnerabilities in the local BIOS (Basic Input/Output System) chip that allow attackers to infect a system permanently and then steal all kinds of data and information. The LegbaCore researchers showed this in a proof of concept last week at the CanSecWest conference in Vancouver. The BIOS contains a set of basic instructions for communication between the operating system and the hardware. It is essential for the operation of the computer and is also the first major piece of software loaded onto the computer.
During their demonstration (pdf, pptx), the researchers showed various “incursion” vulnerabilities in System Management Mode (SMM). SMM is a mode of Intel processors that allows firmware to perform certain functions. By using this mode, the contents of the BIOS chip can, for example, be modified or used to install a “payload”. Hence, it is possible to install rootkits that steal passwords and other data from the compromised system.
SMM malware also makes it possible to read all the data in the machine’s memory. The researchers showed how they were able to access a BIOS through the incursion vulnerabilities and then install the “Light Eater SMM payload”. Using this malware, they could steal GPG keys, passwords and decrypted messages from the Tails privacy operating system on an MSI computer.