Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammer in the outsourcing industry
Bios vulnerabilities: Researchers see millions of computers at risk
by Rudolf Faix Tuesday, March 24, 2015 1:15 PM

Bios Chip"How Many Would You Like To BIOSes million Infect?" Is the dramatic title that security researchers Xeno Kopvah and Corey Kallenberg have chosen for her recent lecture. The speech is so threatened by millions of computers.

At a conference in Vancouver the two security researchers have warned of gaps in the BIOS of many computers. The manufacturers concerned are already working on updates - but it is anticipated that the little will bring.

"Because people do not update their bios, there are vulnerabilities that have been known in recent years, still," citing the "Wired" Xeno Kopvah. On the website of the researchers is, the probability is high that the majority of systems that are currently used, is at risk of at least one vulnerability.

Until now it was already assumed that intelligence Bios exploit vulnerabilities to attack. In the In-house order catalog of the department ANT, there are malicious programs that also nest in the bios. They work even further if the hard disk is deleted and a new operating system will be kept up.

Kopvahs and Kalle's discovery now shows that not only secret services with a billion $ budget is able to spy on computer thanks Bios vulnerabilities.

The two have developed a malicious program called Light Eater, with which the firmware can be manipulated on computers from Gigabyte, Acer, MSI, HP and Asus - at least in theory. The researchers have so far only as examples carried out some attacks; their software is used for testing purposes.

If the BIOS have certain weaknesses then Light Eater allows entering the System Management Mode of computers. If once it has infiltrated the code on the flash memory, then the code of the BIOS can override according their wishes. Computers from different manufacturers are under threat, because companies often use similar code elements.

The researchers describe two ways to exploit the BIOS vulnerabilities, including an attack remotely, is sent to the attack code, for example by phishing e-mail. Uncomplicated is the procedure for a physical access to the device.

Kopvah and Kallenberg declared loudly "Wired", that they sometimes manipulated a BIOS in two minutes for their purposes. In one test, it has the team apparently also managed to capture data from a computer that is running Tails - that is those Linux distribution, the whistleblower Edward Snowden recommends for secure communication.

The researchers have notified the affected manufacturers, who are already working on updates. However, the crucial question will be: “How many users actually will install these updates at the end”.

 

Tags: , ,

Security

Filter by APML

Follow me

AboutMe

I'm since more then 35 years in the computer business (programming and technical support) and using the Internet since it has started. Since 2002 I'm programming solutions for Asterisk and since 2004 I'm in the call center industry.

Disclaimer

All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.