4th October 2018, 08:52 | #1
[M] Reviewer | Join Date: May 2010 | Location: Romania | Posts: 153,541
UEFI hack is finally with us

All you Unified Extensible Firmware Interface (UEFI) boot system are belong to any government

State hackers have come up with a way of creating a backdoor in commercial software which effectively installs a virus in the UEFI.

ESET Research has published a paper detailing the discovery of a malware campaign that has been running since at least early 2017 and is capable of surviving the re-installation of the Windows operating system or even hard drive replacement.

Dubbed “LoJax,” the malware is the first case of an attack leveraging the Unified Extensible Firmware Interface (UEFI) boot system being used in an attack by an adversary. It is believed to have been penned by the Sednit/Fancy Bear/APT 28 threat group, the Russian state-sponsored operation tied by US intelligence and law enforcement to the cyber-attack on the Democratic National Committee.

LoJax was built to be deployed remotely, using malware tools that can read and overwrite parts of the UEFI firmware’s flash memory. “Along with the LoJax agents,” ESET researchers noted, “tools with the ability to read systems’ UEFI firmware were found, and in one case, this tool was able to dump, patch and overwrite part of the system’s SPI flash memory. This tool’s ultimate goal was to install a malicious UEFI module on a system whose SPI flash memory protections were vulnerable or misconfigured.”

While LoJax shows all the hallmarks of a state-funded attack, the Fancy Bear team borrowed from a commercial software product that was purpose-built to stay active in a computer’s firmware. LoJax’s rootkit is essentially a modified version of a 2008 release of the LoJack anti-theft agent from Absolute Software, known at release as Computrace. “LoJack attracted a lot of attention in recent years as it implements a UEFI/BIOS module as a persistence mechanism,” the ESET team wrote.

That firmware module ensured a software “small agent” stayed installed on the computer, which connected to an Absolute Web server, even if the computer had its drive wiped. In other words, Computrace was a commercially developed firmware rootkit.

https://fudzilla.com/news/47311-uefi...inally-with-us