BIOS "Rootkit" Preloaded In 60% of New Laptops


posted on Jul, 31 2009 @ 11:59 AM

Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected.

it.slashdot.org...

Damn, I'm going to have to scan everyone's laptops now!
Another wasted weekend, at least I'll have a case of beer to make it less painful.





posted on Jul, 31 2009 @ 12:18 PM
reply to post by warrenb
 


Damn, I filled up all the open ports in Windows XP, and now I have to worry about my BIOS. Does this never end?

Come here Bill Gates, I want to show my appreciation.



posted on Jul, 31 2009 @ 12:24 PM
Reply to post by warrenb
 


Oh bol, um testicles. Just recently got one. Am I annoyed?


 
Posted Via ATS Mobile: m.abovetopsecret.com
 



posted on Jul, 31 2009 @ 12:33 PM
So, basically it's not that this Rootkit is preloaded on 60% of new laptops, but 60% of new laptops have a vulnerability in their BIOS to allow a Rootkit to be installed.

That's entirely a different situation. Proof of Concept Vulnerabilities are valuable to prevent them being used in the wild by criminals, but they aren't necessarily representative of what is actually going on in the wild.

The software that runs in your BIOS can be flashed (and should be flashed when new BIOS updates are released by your manufacturer). Give it two weeks max and you'll see a BIOS update fixing this vulnerability from every manufacturer affected.



posted on Jul, 31 2009 @ 12:39 PM
reply to post by fraterormus
 


Possibly, however not everyone is tech-savvy enough to know how to do an update. Heck, most people don't know what a web browser is, pretty sad really.






posted on Jul, 31 2009 @ 12:58 PM
reply to post by fraterormus
 


The whole danger was that it's a vulnerability that survives reflashing. That's really really bad.
Anyone know where a list of laptops affected could be found?



posted on Jul, 31 2009 @ 01:20 PM

Originally posted by PsykoOps
The whole danger was that it's a vulnerability that survives reflashing. That's really really bad.


That's not true. It is an Application that runs in BIOS. If you flash your BIOS, all Applications that are kept in the BIOS in Static Memory are flushed and replaced with the Applications you are installing into Static Memory. The BIOS in modern computers is EEPROM (Electronically Erasable Programmable Read Only Memory). It is erased intentionally when doing a BIOS update because it uses a higher voltage to erase the contents before writing to it...or when exposed to ultraviolet light (a practical use for your Blacklight).


Originally posted by PsykoOps
Anyone know where a list of laptops affected could be found?


List of BIOS Affected



posted on Jul, 31 2009 @ 01:24 PM
From the original source:



This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.'


They demonstrated this in a security convention. This is exactly the reason why this is such a threat.


[Edit] Crap mine is on the list


[edit on 31/7/2009 by PsykoOps]



posted on Jul, 31 2009 @ 01:37 PM

Originally posted by PsykoOps

They demonstrated this in a security convention. This is exactly the reason why this is such a threat.



After a little research I found that the Proof of Concept Vulnerability is a two-part attack. It isn't persistent in the BIOS if you reflash it, however at boot-time when the Hard-drive is accessed, if the code exists on the Hard-Drive in the MBR but not in the BIOS then it reinstalls itself to the BIOS, likewise if it is not in the MBR of your Hard-Drive it reinstalls itself to the MBR.

Removing it would involve a two-step process of performing a Low-Level format on all infected Hard-Drives and then reflashing the BIOS.

Likewise, although this Vulnerability has been proven possible it assumes that you A.) Have either physical access to the computer and/or B.) Root-level Access. To date, there has not been any malicious code that could install itself to the BIOS without user-assistance. This Proof of Concept was no different. Password Protecting your BIOS will prevent the Proof of Concept Vulnerability from happening as well.

It is definitely a Vulnerability concern, but nothing to panic about just yet...unless you approve everything that asks for Root-level Access and type in your Administrator password every time you are prompted.
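
A defender's check for the MBR half of the two-part persistence described in the post above, added here as an example (it is not from the thread or from the researchers). It fingerprints an MBR's boot code separately from its partition table, so a comparison against a recorded baseline shows which part changed; the function names are hypothetical and the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440     # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"  # bytes 510-511

def fingerprint_mbr(sector: bytes) -> dict:
    """Split an MBR into a boot-code hash and a parsed partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0 marks an unused slot
            partitions.append((i, entry[0] == 0x80, ptype, lba_start, count))
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def diff_mbr(baseline: dict, current: dict) -> list:
    """Report which part of the MBR differs from the recorded baseline."""
    findings = []
    if baseline["boot_code_sha256"] != current["boot_code_sha256"]:
        findings.append("boot code changed")
    if baseline["partitions"] != current["partitions"]:
        findings.append("partition table changed")
    return findings

def sample_mbr(boot_byte: int) -> bytes:
    """Constructed 512-byte MBR: filler boot code plus one bootable partition."""
    code = bytes([boot_byte]) * BOOT_CODE_LEN + b"\x00" * 6
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x83, b"\x00" * 3, 2048, 204800)
    return code + entry + b"\x00" * 48 + BOOT_SIG

if __name__ == "__main__":
    baseline = fingerprint_mbr(sample_mbr(0x90))  # recorded from a known-good state
    current = fingerprint_mbr(sample_mbr(0xCC))   # same disk, boot code altered
    print(diff_mbr(baseline, current))
```

On a real machine the input would be the first 512 bytes of the disk device, read with administrative rights from trusted boot media, with the baseline stored off the disk being checked.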



posted on Jul, 31 2009 @ 01:42 PM
Oh good. Well I'll have to keep an eye on this one cause I'm paranoid



posted on Jul, 31 2009 @ 02:36 PM
reply to post by warrenb
 


lolz


But it's common for people not to know about details of things they use every day. Try asking what's a CCD to an average camera user or EMU to a daily subway passenger. But I liked how Google has become a name for everything that is internet just like xerox was a name for photocopies.

I read the /. post and it seems the only way to get rid of it is to change the bios completely (one with this 'feature' disabled) and never to turn it on. Or wait for a fix and pray....



posted on Jul, 31 2009 @ 02:41 PM
reply to post by warrenb
 


Yup, I can attest to that one. I just bought 3 laptops for my kids for back to school and, being a Network Engineer, I scan and destroy everything when I buy it and rebuild it the way I want.

And I found that exact rootkit software in all three of them. They were all different models and different makes as well.

It's an easy fix however, not something that's hardwired in there. Only took me a few minutes with a Linux Magic Disk to clear it all out.

~Keeper


