The Number Of Known UEFI Hacks Has Doubled! To Two …
Thankfully, infecting the UEFI on a motherboard is no small task: you need physical access to the flash chip on the motherboard to write a modified image, and there is no known way to do this remotely. The problem is that once the motherboard’s UEFI is infected, it can do whatever it likes at boot, long before any antivirus software can attempt to detect it, let alone stop it.
The original UEFI hack involved an anti-theft chip from Absolute Computrace added into the vast majority of OEM laptops. It was intended to ensure that your laptop quietly phoned home frequently, so that if it were stolen Computrace could disable the laptop as well as locate it. If one were to modify the module to call somewhere else, you could get up to all sorts of nefarious deeds. This prompted Kaspersky Lab to design a firmware scanner that compares a system’s UEFI to a validated one, and recently they discovered a new type of infection.
This one checks for a specific, innocuously named file in the Windows startup folder and, if it isn’t there, copies it in. That tiny file then reaches out to an external server to trigger another file copy, and so on, ensuring the infection can persist even through multiple removals. It also allows the attacker to customize the infection to each possible machine or profile, as well as update it. Ars Technica delves into the details in this article.
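The two detection ideas in the paragraphs above, a scanner that compares a firmware dump against a validated copy and a check for unexpected entries in the startup folder, are simple enough to sketch. The following is an added example written for this post, not Kaspersky's scanner or any code from the Ars Technica article. It assumes you already have a raw SPI flash dump (obtained with a vendor or chip-programmer tool) and a known-good image of the same firmware version; the sample bytes and startup-folder entries below are constructed for the demonstration.

```python
import hashlib

# Firmware images are compared in fixed-size blocks so a report can say *where*
# a dump diverges from the validated baseline, not just that it does.
BLOCK_SIZE = 4096


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def diff_firmware(baseline: bytes, observed: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Compare an observed firmware dump against a validated baseline block by block.

    Returns a dict with:
      size_match     - whether both images have the same length
      changed_blocks - byte offsets of blocks whose hashes differ
      clean          - True only when sizes match and no block differs
    A truncated or padded dump is reported as changed blocks at the tail, since
    the missing side hashes as an empty slice.
    """
    changed = []
    total = max(len(baseline), len(observed))
    for offset in range(0, total, block_size):
        expected = baseline[offset:offset + block_size]
        actual = observed[offset:offset + block_size]
        if sha256_hex(expected) != sha256_hex(actual):
            changed.append(offset)
    size_match = len(baseline) == len(observed)
    return {
        "size_match": size_match,
        "changed_blocks": changed,
        "clean": size_match and not changed,
    }


def audit_startup_folder(entries, allowlist):
    """Return startup-folder entries that are not on the approved allowlist.

    Comparison is case-insensitive because Windows file names are. The
    allowlist is something an administrator maintains per image; anything
    outside it is worth a look, exactly the kind of innocuously named file
    the implant described above drops.
    """
    approved = {name.lower() for name in allowlist}
    return sorted(name for name in entries if name.lower() not in approved)


# --- constructed sample data (not real firmware, not real file names) ---
# A 64 KiB "validated" image made of a repeating byte pattern.
BASELINE = bytes(range(256)) * 256

# An "observed" dump with two small modifications: one flipped byte in block 3
# and a four-byte patch in block 9.
_observed = bytearray(BASELINE)
_observed[0x3010] ^= 0xFF
_observed[0x9100:0x9104] = b"\xde\xad\xbe\xef"
OBSERVED = bytes(_observed)

# A dump that was cut short; the tail blocks will be reported as changed.
TRUNCATED = BASELINE[: 0xE000]

STARTUP_ENTRIES = ["desktop.ini", "OneDrive.lnk", "update_helper.exe"]
STARTUP_ALLOWLIST = ["desktop.ini", "onedrive.lnk"]


if __name__ == "__main__":
    report = diff_firmware(BASELINE, OBSERVED)
    print("clean:", report["clean"])
    for off in report["changed_blocks"]:
        print(f"  block at 0x{off:05x} differs from baseline")
    print("unexpected startup entries:",
          audit_startup_folder(STARTUP_ENTRIES, STARTUP_ALLOWLIST))
```

Hashing per block rather than once over the whole image costs nothing extra and turns a yes/no answer into offsets you can map back to the firmware volume layout; a real scanner would also parse the UEFI firmware volumes so that a changed block can be named by the module it falls in.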
If that wasn’t scary enough for your Monday, follow this Tweet to an interesting project where Linux is installed on the hardware of a hard drive, not on the drive itself. This little mod and hack would grant you full access to that drive wherever it ended up, with no one the wiser.