Technology News

Researchers Show Hacking Your Computer's BIOS is Child's Play

By NDTV Correspondent | Updated: 23 March 2015 12:22 IST
Researchers Show Hacking Your Computer's BIOS is Child's Play
Advertisement

Two security researchers have demonstrated an easy way to attack the BIOS chips on millions of PCs in under two minutes, undermining all physical and software security and potentially allowing encrypted data including passwords to be stolen. The two suggest that this technique has most likely already been used by the US National Security Agency.

In a talk titled How Many Million BIOSes Would You Like to Infect at this year's CanSecWest conference, researchers Corey Kallenberg and Xeno Kovah showed how vulnerable the UEFI BIOS implementations on all modern motherboards are. The problem, they said, is made even worse because users rarely patch their BIOS chips when updates are released by manufacturers.

The UEFI BIOS on modern PCs is a miniature operating system itself, and is invisible to desktop antimalware programs. By taking control of it, attackers can either disable a PC entirely or subvert its functions. What's more dangerous is that direct access to data in memory is possible, which means attackers can extract encryption keys, passwords, and other data even when so-called secure operating systems are used.

Even those using the Tails OS on a secure read-only medium, as popularised by Edward Snowden in his handling of leaked government files, would be vulnerable since the attack happens at a lower level than the OS. The victim would never even know he or she had been compromised.

The duo, who founded the firmware-focused security company LegbaCore, showed off a proof-of-concept attack called LightEater, which affects all motherboard vendors and system integrators thanks to the high degree of similarity in code between UEFI BIOS implementations. The attack breaks into a System Management Mode (SMM) which provides deeper access than even administrator and root modes.

LightEater was able to compromise a variety of PCs from different vendors, all in under two minutes. Some Gigabyte motherboards were found to have particularly bad flaws in their access control security, but in all cases the primary fault was that BIOSes are nearly always unpatched.

Kallenberg and Kovah are marketing diagnostic tools to manufacturers in order to help them scan for such vulnerabilities and hopefully then create patches. However they are reasonably certain that the NSA and other similarly equipped agencies have been exploiting this vulnerability for a long time.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: BIOS, BIOS hack, BIOS security, CanSecWest, CanSecWest 2015, LightEater, PC security, Tails, UEFI BIOS, attack, encryption, hijack, seurity
Twitter Can Persuade Youngsters to Vote: Study
Myntra to Focus on Higher-Margin In-House Labels

Related Stories

Researchers Show Hacking Your Computer's BIOS is Child's Play
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. OnePlus 11R Solar Red With 8GB RAM, 128GB Storage Debuts in India: See Price
  2. Acer Predator Helios 16, Helios Neo 16 Updated With 14th Gen Intel Core CPUs
  3. Itel Super Guru 4G With YouTube, UPI Support Debuts in India: See Price
  4. Samsung Galaxy F15 5G Gets new 8GB RAM Variant in India: Price, Offers
  5. OTT Releases This Week: Rebel Moon Part 2, Article 370 and More
  6. Vivo V30e to Debut in India on This Date; Key Features, Colours Revealed
  7. Xiaomi's HyperOS Is Now Coming to the Redmi Note 13 Series in India
#Latest Stories
  1. Bitcoin ‘Halving’ Software Update Cuts Supply of New Tokens in Threat to Miners
  2. Xiaomi 14 Series 'AI Treasure Chest' With Several AI Tools in Testing, Could Debut This Year: Report
  3. Redmi Note 13 5G Series HyperOS Update Based on Android 14 Begins Rolling Out in India
  4. YouTube Reportedly Rolling Out Support for 8K Resolution Videos on the Meta Quest
  5. Lenovo Yoga Slim 7 (2024) Design Spotted in Leaked Renders; Could Debut as First Snapdragon X Elite Laptop
  6. Samsung Galaxy Z Flip 6 With Snapdragon 8 Gen 3 SoC for Galaxy Allegedly Surfaces on Geekbench
  7. Itel S24 India Launch Teased; Confirmed to Come With 108-Megapixel Main Camera, MediaTek Helio G91 SoC
  8. BWA Lays Down Self-Regulatory Guidelines on Token Listings for Indian Crypto Exchanges
  9. Samsung Galaxy F15 5G With 8GB RAM, 128GB Storage Launched in India: Price, Offers
  10. OnePlus 11R 5G Solar Red Variant With 8GB RAM, 128GB Storage Launched in India
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »