UEFI BIOSes Are Threatened By New LightEater Malware
Gabriel Roşu / 3 years ago
While the new UEFI BIOSes are neat and come with a lot of features, they are also miniaturised OSes in their own, which makes them as vulnerable as a normal OS. Security researchers Corey Kallenberg and Xeno Kovah proved at CanSecWest how easy it is for an unskilled individual to implant a so-called LightEater malware and infect the system in a few moments.
The researchers proved that unpatched BIOSes can easily be affected with a malware and virus, they pointed out that motherboards from manufacturers such as Gigabyte, Acer, MSI, HP and Asus are at risk, especially if the BIOS is not updated to the most recent version from the manufacturers’ website.
BIOS malwares are especially dangerous since, as the researchers point out, the OS antivirus or other antivirus softwares only protect the OS it is running and not the BIOS too. The malware is said to be able to infect huge number of systems by creating System Management Mode implants, which can be custom made for individual BIOSes with a simple pattern matching. They also point out that a BIOS from Gigabyte was found to be particularly insecure.
We didn’t even have to do anything special; we just had a kernel driver write an invalid instruction to the first instruction the CPU reads off the flash chip, and bam, it was out for the count, and never was able to boot again.
While the vulnerability is said to already be exploited by the NSA, the researchers are encouraging businesses and governments to take some extra time in updating their PCs to the latest BIOS in order to plug the security hole.
Thank you Guru3D for providing us with this information