Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM

Discussion in 'other security issues & news' started by ronjor, Mar 20, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,780
    Location:
    Texas
    http://www.kb.cert.org/vuls/id/631788
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Ouch ouch ouch.

    This means that, on a vulnerable computer, an attacker with access to userspace memory may be able to completely bypass OS security.

    I'm hoping this attack is not easy to pull off; if it is, older hardware that uses BIOS may become a liability. Which makes me rather unhappy, because I like reusing BIOS-era machines.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,780
    Location:
    Texas
    http://www.wired.com/2015/03/researchers-uncover-way-hack-bios-undermine-secure-operating-systems/
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Just wonderful. :( Glad my main workstation uses EFI. As for the rest, well, now might be a good time to stock up on cheap ARM boards...
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    No concerns whatsoever on my end, even with my older hardware. Anyone breaking into my home will most likely be some junkie looking to steal and pawn off whatever possible to address his next fix. I've got literally nothing of value to anyone, especially Government or law enforcement agencies stored on my computers.

    As for the phishing vector, I don't fall for those.
     
  6. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    http://www.guru3d.com/news-story/lighteater-malware-attacks-uefi-bioses.html

    http://betanews.com/2015/03/21/ligh...-places-millions-of-unpatched-bioses-at-risk/
     
  7. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    @wat0114: "local, authenticated attacker" also includes a remote attacker with access to a local program's memory space, and the privileges of a local user. Mandatory access control might contain it. A limited user account would provide no protection.

    (And we've been over this at least a few times.)
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Yes, I know. Still no concern of mine. My flat screen tv's will fetch greater value than anything my computers have to offer, including the data that resides on them.
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,099
    'Voodoo' Hackers: Stealing Secrets From Snowden's Favorite OS Is Easier Than You'd Think.

    -- Tom
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,099
    Automating remote BIOS attacks

    -- Tom
     
  11. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    The article doesn't gives much details, but it just means they can search for what BIOS you use and if they want to attack BIOS still they need to intrude by other remote exploit, right?
     
  12. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    @lotuseclat79: ... And I have to ask: is it really too much to keep a lid on this until some countermeasures are developed? I mean, I know putting it out there will put pressure on hardware manufacturers, etc. but in the mean time we might start seeing BIOS exploits in the wild, which would be a serious problem for everyone. Do we really need that? Is it really helpful for everyone and their script kiddie cousin to know how to bypass all OS security on x86?

    Yeah, sometimes I have serious misgivings about the way some security researchers work.

    @Yuki2718: Possibly. There are already BIOS-level backdoors (c.f. LoJack Computrace) that could provide access on some machines to start with. Even failing that, exploits against desktop client programs are a dime a dozen.
     
  13. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Well, I too know some actual BIOS rootkits, but I thought they need intrusion by other way. But I'm not sure if remote BIOS exploit is possible.
     
Loading...