Blackhacker

Researchers: Rootkits headed for BIOS

A collection of functions for power management, known as the Advanced Configuration and Power Interface (ACPI), has its own high-level interpreted language that could be used to code a rootkit and store key attack functions in the Basic Input/Output System (BIOS) in flash memory, according to John Heasman, principal security consultant for U.K.-based Next-Generation Security Software.

The researcher tested basic features, such as elevating privileges and reading physical memory, using malicious procedures that replaced legitimate functions stored in flash memory.

(link added is mine)

The protection for this is VERY simple. Manufacturers should turn of by default the ability to flash the BIOS. And trigger the ability to a jumper switch directly on the mother board. Flashing your BIOS is not a basic maintenance function is a serous thing. That should be done by some one who knows what they are doing. Only those who have the confidence to pull out a screw driver and open your PC should be attempt this.

by disabling this feature by default malware can’t sneak on a PC and flash the BIOS on the sly.

Dap: /.

This entry was posted on Friday, January 27th, 2006 at 12:05 pm and is filed under Computers and Internet. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.