How to prevent hackers injecting code into the bios?

Discussion in 'privacy problems' started by invaderz, Dec 10, 2013.

Thread Status:
Not open for further replies.
  1. invaderz

    invaderz Registered Member

    Joined:
    Dec 3, 2013
    Posts:
    22
    How could you prevent someone from infecting your chips on the mother board like the bios? Is there a way to make doing something like that impossible? Possibly modification of the mother board? I'm currently developing a system that prevents hackers 100% from modifying my computer in any way.

    There has to be a way to prevent write access to the bios and other chips on the system. I never flash my bios or any chips anyways so it doesn't matter. On this system there would be no need to anyways.
     
  2. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
  3. invaderz

    invaderz Registered Member

    Joined:
    Dec 3, 2013
    Posts:
    22
    Nothing in those threads comes close to what I'm talking about. I already plan to destroy the on-board microphone, camera, and even the sound card if possible. On-board wifi will be removed or destroyed.

    The question is how to prevent the hacker from accessing the bios. How it works and what to do to prevent any writing to it.

    The BIG question is what can they even do if they did get code into the bios. The bios only runs once so what ever they do will be in the ram. Couldn't you just kill the process?

    I guess there just really isn't anything you can do. Just limit what they can do /get and try to prevent it in the first place.
     
  4. invaderz

    invaderz Registered Member

    Joined:
    Dec 3, 2013
    Posts:
    22
    The only thing I can think of is hardware changes. Install some switches that will sever the connection from the board to the chips. Since BIOS and other chips only have to run once at start up all you have to do is kill the connection once there pc is up and running.

    They could try to get in but there would be no physical way. It shouldn't be a problem because the pc has no use for the chips once it is booted up.
     
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    What you're talking about basically cannot be done IMO. Chances are that if a computer can compute, it can be subverted in some way.

    (IIRC theories of computability have something to say on this.)
     
  6. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    If you think about severing the connection between a mobo and the BIOS chip after booting and have such skills, you'll probably already know about mobo jumpers.
    Like above, I'm doubting your course/needs allow for a functional computing device.
     
  7. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    What about if password protect or lock the BIOS access?
     
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    I use a BIOS PW and have from the day dot. The only way I can see circumvention is for system to be compromised where it will be exploited to flash the BIOS or some crazy airgap exploit.
     
  9. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    same here I have password protected mine too.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    It would be better, I think, to use more-or-less disposable machines for work that involves such risks, and ensure that they're fully isolated (network and storage) from your other machines.

    If the BIOS is installed in a socket, you could replace it when appropriate. However, other motherboard firmware might be at risk, and at some point you might as well replace the entire board. Perhaps you could buy a lot of discontinued motherboards and CPUs at low prices.
     
  11. invaderz

    invaderz Registered Member

    Joined:
    Dec 3, 2013
    Posts:
    22
    Great and thanks for the comments. The hackers now have far more advanced programs than you probably can comprehend at this time. Myself included.

    Password on the bios wouldn't help against these guys.

    Disposable systems are an excellent idea. However... I would be far more interested in a system that completely thwarts all attempts to corrupt the board, hd, disks, ect.

    Only possibility I have actually considered is finding out what wire or line on the board is used to input data into the chips. Sever it. Use no hard drive or a read only drive (truly read only).

    If you think about it there really is no reason to write to the chips once your PC is set up the way you want it.

    -------------------------

    What this will accomplish is more privacy and lack of satisfaction for the hacker since he can leave no bombs or tracking programs.
     
Loading...
Thread Status:
Not open for further replies.