New BIOS Implant, Vulnerability Discovery Tool to Debut at CanSecWest by Michael Mimoso.
From the post:
When the National Security Agency’s ANT division catalog of surveillance tools was disclosed among the myriad of Snowden revelations, its desire to implant malware into the BIOS of targeted machines was unquestionable.
While there’s little evidence of BIOS bootkits in the wild, the ANT catalog and the recent disclosure of the Equation Group’s cyberespionage platform, in particular module NLS_933W.DLL that reprograms firmware from most major vendors, leave little doubt that attacks against hardware are leaving the realm of academics and white hats.
Tomorrow at the CanSecWest conference in Vancouver, researchers Corey Kallenberg and Xeno Kovah, formerly of MITRE and founders of startup LegbaCore, will deliver research on new BIOS vulnerabilities and present a working rootkit implant into BIOS.
“Most BIOS have protections from modifications,” Kallenberg told Threatpost. “We found a way to automate the discovery of vulnerabilities in this space and break past those protections.”
…
Take good notes and blog extensively if you are at the conference. Please!
Certainly good news on the BIOS front. At least in the sense that the more insecure government computers are, the safer the rest of us are from government overreaching. Think of it as a parity of discovery/disclosure. When J Edgar wasn’t in drag, he had scores of agents to tap your phone.
Now, thanks to the Internet and gullible government employees, the question isn’t when will information leak but from whom and about what? Still need more leaks but that’s a topic for a separate post.
The real danger lies in government becoming disproportionately secure vis-a-vis its citizens.
Details on CanSecWest.