This can turn out to be really bad!

    Cp Coder wrote (#1):

    I have always protected my systems by keeping up-to-date system images and data backups, but I often wondered what would happen if some clever hacker developed a virus that corrupts the computer's BIOS. To the best of my knowledge, the BIOS is saved in a hardware chip on the computer's main board. Since the BIOS loads the operating system, if the BIOS is corrupted there's not much you can do about such a virus. Yes, I have a utility from Dell that will reflash the BIOS chip, but since the BIOS virus controls the operating system, will it allow Windows to reflash the BIOS chip? I doubt it! The main mechanism used by this malware is to corrupt the manufacturer's logo that first shows on startup, before Windows is loaded. I find this scary, but I have one point in my favor: I only bought Dell devices for my family. Here is a quote from the article below:

    Quote:

    Many devices sold by Dell aren't directly exploitable because the image files are protected by Intel Boot Guard, making it impossible to be replaced, even during a physical attack.

    You can read more here: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack | Ars Technica

    Ok, I have had my coffee, so you can all come out now!

      Jeremy Falcon wrote (#2):

      Cp-Coder wrote:

      if the BIOS is corrupted there's not much you can do about such a virus.

      Some motherboards, such as some Gigabytes, come with a backup BIOS which can't be flashed. So, if the machine is mission critical then it's worth considering a board that has one. You can literally just boot with the backup BIOS and reflash the main one.

      Cp-Coder wrote:

      Yes, I have a utility from Dell that will reflash the BIOS chip, but since the BIOS virus controls the operating system, will it allow Windows to reflash the BIOS chip? I doubt it!

      Windows has zero say-so on whether or not you can flash the BIOS. At best it can restart the computer. Any flashing software isn't using the Windows kernel, API, etc. To your point though, a virus could in theory prevent the reflashing (not sure though). That being said, these days a BIOS is stored on EEPROMs, so nothing can prevent you from physically taking the chip out of the computer and rewriting a good BIOS on it before putting the chip back in the computer. Sure, you'd have to solder/desolder, but it would work.

      Cp-Coder wrote:

      You can read more here:

      The logo fail thing has been around for a while, just FYI. There may be a new instance of this that just surfaced, but it's nothing new. Secure Boot will help mitigate some issues with this. It's not perfect since a virus could bypass that too, but it'll at least make it a bit harder for the virus. All scare tactics aside, this is one of those cases where an ounce of prevention is worth a pound of cure though. If a machine is mission critical it should be behind a DMZ/firewall/something with locked down restrictions.

      Jeremy Falcon

        Ron Anders wrote (#3):

        I've stubbornly used MBR on all my machines out of concern that the real reason for UEFI is so Microsoft can control from where your PC loads its boot code, such as Azure someday, and voilà, Subscription Windows. I don't use 11 at all and only 10 on my MBR DAW because the audio software I use "requires" it. So UEFI is exploited, bummer drag.

          jmaida wrote (#4):

          "If a machine is mission critical it should be behind a DMZ/firewall/something with locked down restrictions." Yes sir. Absolutely! There is this going on: AI companies are reportedly still scraping websites despite protocols meant to block them

          "A little time, a little trouble, your better day" Badfinger

            Jeremy Falcon wrote (#5):

            jmaida wrote:

            There is this going on

            Holy crap. Why does this not surprise me though...

            Jeremy Falcon

              dandy72 wrote (#6):

              Ron Anders wrote:

              I've stubbornly used MBR on all my machines out of concern that the real reason for UEFI is so Microsoft can control from where your PC loads its boot code

              C'mon, even the hardcore Linux guys have come around on that one.
