The UEFI rootkit rabbit hole

Started by zero, September 01, 2019, 01:10:04 PM

zero

So, being forced to start over with reinstalling the OS on my main i7 Linux computer in the lab, I also looked deeper into AHCI vs IDE, GPT vs MBR, and consequently UEFI vs BIOS. With all the new "features" offered by UEFI, I couldn't help but ask myself, new vulnerabilities too? Sure as $h¡t, I was right. The more I read, the deeper into the rabbit hole I fell. Turns out this new attack vector is just perfect for state sponsored hackers to target opposing governments, maintain surveillance on their citizens, and even allow ransomware. So insidious and deeply embedded is this type of malware that it can persist and survive complete OS reinstallations and even hard drive swaps. This is because it resides on the "new and improved" UEFI flash ROMs embedded directly on newer computer motherboards. Isn't that just special?

It also turns out that Gigabyte was an early target for UEFI rootkit attacks, and most of my own motherboards are from Gigabyte. Aren't I lucky? Apple OS 10.x also seems to be a favorite target thanks to the new reliance on Intel chips as opposed to the Motorola CPUs of yesteryear. So, the first thing I'm going to do when I finish typing this post is run some bootable Linux UEFI validation tools being offered by 01.org. Their latest release is only 5 weeks old at the time of this writing. The last one before that is about 8 months old, so you should definitely get it. I will provide links to many of the articles and patches I have found on the topic. This is IMHO required reading for anyone concerned about deep state cyber warfare, surveillance, back doors and privacy.

Be safe out there.
Z

https://01.org/linux-uefi-validation/downloads
https://01.org/linux-uefi-validation/documentation-list
https://www.wired.com/story/fancy-bear-hackers-uefi-rootkit/
https://www.pcworld.com/article/3187264/uefi-flaws-can-be-exploited-to-install-highly-persistent-ransomware.html
https://www.pcworld.com/article/3179348/after-cia-leak-intel-security-releases-detection-tool-for-efi-rootkits.html
https://hackaday.com/tag/uefi/
https://www.welivesecurity.com/2017/10/19/malware-firmware-exploit-sense-security/
https://www.fudzilla.com/news/47311-uefi-hack-is-finally-with-us