It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
BIOS "Rootkit" Preloaded In 60% of New Laptops
page: 15
share:
Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected.
it.slashdot.org...
Damn, I'm going to have to scan everyone's laptops now!
Another wasted weekend, at least I'll have a case of beer to make it less painful.
reply to post by warrenb
Damn, I filled up all the open ports in Windows XP, and now I have to worry about my BIOS. Does this never end?
Come here Bill Gates, i want to show my appreciation
Damn, I filled up all the open ports in Windows XP, and now I have to worry about my BIOS. Does this never end?
Come here Bill Gates, i want to show my appreciation
Reply to post by warrenb
oh bol,um testicles.Just recently got one.Am i annoyed?
Posted Via ATS Mobile: m.abovetopsecret.com
oh bol,um testicles.Just recently got one.Am i annoyed?
So, basically it's not that this Rootkit is preloaded on 60% of new laptops, but 60% of new laptops have a vulnerability in their BIOS to allow a
Rootkit to be installed.
That's entirely a different situation. Proof of Concept Vulnerabilities are valuable to prevent them being used in the wild by criminals, but they aren't necessarily representative of what is actually going on in the wild.
The software that runs in your BIOS can be flashed (and should be flashed when new BIOS updates are released by your manufacturer). Give it two weeks max and you'll see a BIOS update fixing this vulnerability from every manufacturer affected.
That's entirely a different situation. Proof of Concept Vulnerabilities are valuable to prevent them being used in the wild by criminals, but they aren't necessarily representative of what is actually going on in the wild.
The software that runs in your BIOS can be flashed (and should be flashed when new BIOS updates are released by your manufacturer). Give it two weeks max and you'll see a BIOS update fixing this vulnerability from every manufacturer affected.
reply to post by fraterormus
possibly, however not everyone is tech-savy enough to know how to do an update. Heck most people don't know what a web browser is, pretty sad really.
possibly, however not everyone is tech-savy enough to know how to do an update. Heck most people don't know what a web browser is, pretty sad really.
reply to post by fraterormus
The whole danger was that it's a vournebility that survices reflashing. That's really really bad.
Anyone know where a list of laptops affected could be found?
The whole danger was that it's a vournebility that survices reflashing. That's really really bad.
Anyone know where a list of laptops affected could be found?
Originally posted by PsykoOps
The whole danger was that it's a vournebility that survices reflashing. That's really really bad.
That's not true. It is an Application that runs in BIOS. If you flash your BIOS, all Applications that are kept in the BIOS in Static Memory are flushed and replaced with the Applications your are installing into Static Memory. The BIOS in modern computers are EEPROM (Electronically Erasable Programmable Read Only Memory). They are erased intentionally when doing a BIOS update because it uses a higher voltage to erase the contents before writing to it...or when exposed to ultraviolet light (a practical use for your Blacklight).
Originally posted by PsykoOps
Anyone know where a list of laptops affected could be found?
List of BIOS Affected
From the original source:
They demonstrated this in a security convention. This is exactly the reason why this is such a threat.
[Edit] Crap mine is on the list
[edit on 31/7/2009 by PsykoOps]
This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.'
They demonstrated this in a security convention. This is exactly the reason why this is such a threat.
[Edit] Crap mine is on the list
[edit on 31/7/2009 by PsykoOps]
Originally posted by PsykoOps
They demonstrated this in a security convention. This is exactly the reason why this is such a threat.
After a little research I found that the Proof of Concept Vulnerability is a two-part attack. It isn't persistent in the BIOS if you reflash it, however at boot-time when the Hard-drive is accessed, if the code exists on the Hard-Drive in the MBR but not in the BIOS then it reinstalls itself to the BIOS, likewise if it is not in the MBR of your Hard-Drive it reinstalls itself to the MBR.
Removing it would involve a two-step process of performing a Low-Level format on all infected Hard-Drives and then reflashing the BIOS.
Likewise, although this Vulnerability has been proven possible it assumes that you A.) Have either physical access to the computer and/or B.) Root-level Access. To date, there has not been any malicious code that could install itself to the BIOS without user-assistance. This Proof of Concept was no different. Password Protecting your BIOS will prevent the Proof of Concept Vulnerability from happening as well.
It is definitely a Vulnerability concern, but nothing to panic about just yet...unless you approve everything that asks for Root-level Access and type in your Administrator password every time you are prompted.
Oh good. Well I'll have to keep an eye on this one cause I'm paranoid
reply to post by warrenb
lolz
But its common for people not to know about details of things they use everyday. Try asking whats a CCD to an average camera user or EMU to a daily subway passenger. But I liked how Google has become a name for everything that is internet just like xerox was a name for photocopies.
I read the /. post and it seems the only way to get rid of it is to change the bios completely (one with this 'feature' disabled) and never to turn it on. Or wait for a fix and pray....
lolz
But its common for people not to know about details of things they use everyday. Try asking whats a CCD to an average camera user or EMU to a daily subway passenger. But I liked how Google has become a name for everything that is internet just like xerox was a name for photocopies.
I read the /. post and it seems the only way to get rid of it is to change the bios completely (one with this 'feature' disabled) and never to turn it on. Or wait for a fix and pray....
reply to post by warrenb
Yup I can attest to that one. I just bought 3 Labtops for my kids for back to school and being a Network Engineer, I scan and destory everything when I buy it and rebuilt it the way I want.
And I found that exact rootkit software in all three of them. They were all different models and different makes as well.
It's an easy fix however, not something that's hardwired in there. Only took me a few minutes with a Linux Magic Disk to clear it all out.
~Keeper
Yup I can attest to that one. I just bought 3 Labtops for my kids for back to school and being a Network Engineer, I scan and destory everything when I buy it and rebuilt it the way I want.
And I found that exact rootkit software in all three of them. They were all different models and different makes as well.
It's an easy fix however, not something that's hardwired in there. Only took me a few minutes with a Linux Magic Disk to clear it all out.
~Keeper
new topics
-
Slow moving ufo over Mexico volcano Popocatepetl 8 May 2024
Aliens and UFOs: 6 hours ago -
A new Why Files How CRISPR and AI Destroy the World
Science & Technology: 6 hours ago -
Ask AI Is A Hot Mess
Links & Other Resources: 7 hours ago
top topics
-
Christianity superior to other faiths for very specific reasons. Awaken to true FREEDOM..!!
Conspiracies in Religions: 14 hours ago, 7 flags -
A new Why Files How CRISPR and AI Destroy the World
Science & Technology: 6 hours ago, 6 flags -
Battle of the Bay 2024 ; Tampa, Florida Special Forces Demonstration
Military Projects: 12 hours ago, 4 flags -
Ask AI Is A Hot Mess
Links & Other Resources: 7 hours ago, 4 flags -
Tschugger
Movies: 12 hours ago, 3 flags -
Slow moving ufo over Mexico volcano Popocatepetl 8 May 2024
Aliens and UFOs: 6 hours ago, 3 flags
active topics
-
"The Fool" - A short video featuring a harmonica-playing guy blasted by a UFO
Aliens and UFOs • 18 • : Arbitrageur -
Social Security projected to cut benefits in 2035 barring a fix
Global Meltdown • 49 • : 38181 -
A new Why Files How CRISPR and AI Destroy the World
Science & Technology • 7 • : andy06shake -
Bibi’s Dilemma
Middle East Issues • 212 • : KrustyKrab -
It's all Kicking off at Eurovision 2024
Music • 10 • : DerBeobachter2 -
Christianity superior to other faiths for very specific reasons. Awaken to true FREEDOM..!!
Conspiracies in Religions • 24 • : andy06shake -
Scientists Find 7 potential Dyson spheres after Scanning 5 million Objects
Space Exploration • 40 • : gortex -
StormyD Accused of Falsification of Business Records to Hide Money From Trump
US Political Madness • 47 • : F2d5thCavv2 -
The Acronym Game .. Pt.3
General Chit Chat • 7827 • : F2d5thCavv2 -
Russia Ukraine Update Thread - part 3
World War Three • 5780 • : F2d5thCavv2
5