3

How can I secure an Award BIOS from being flashed or attacked by a remote attacker?

Are there other types of BIOS that are more secure?

Henning Klevjer
  • 1,835
  • 15
  • 20
Nicholas
  • 31
  • 1

1 Answers1

2

I think you're looking at the problem the wrong way. BIOS flashing as part of malware is immensely uncommon, and is usually only found as part of some kind of sophisticated APT-style attack. Remember that the BIOS image isn't generic across all motherboards - it varies based on the type of interrupt controller, DMA controller, southbridge (chipset), memory bus type, etc. There has never been a recorded case of a generic attack across different motherboard types.

Keep in mind that BIOS firmware has a whole host of different checks and safety measures, too:

  • Proprietary checksum.
  • Digital signature in UEFI BIOS images.
  • Integrity checks on interrupt handlers (won't boot without valid handlers)
  • DualBIOS (backup ROM)

This is difficult even from a legitimate standpoint, so developing a malicious BIOS is exceedingly difficult.

Looking at it from an operational point of view, if the attacker has administrative access to your system, they could potentially flash your BIOS. At this point though, there are so many alternative persistence vectors that BIOS infection is going to rank at the absolute bottom of the list. The only solution is to not allow them to gain administrative access. There are a pile of other questions on here about preventing attackers from gaining access to your system, with plenty of recommendations.

Polynomial
  • 135,049
  • 43
  • 306
  • 382
  • APT - Advanced Persistent Threat – Sean W. Oct 20 '12 at 20:05
  • 2
    It is not that difficult to backdoor BIOS these days - there is even a generic framework for that - Rakshasa by @endrazine http://www.slideshare.net/endrazine/defcon-hardware-backdooring-is-practical – Vitaly Osipov Oct 21 '12 at 10:18
  • @VitalyOsipov Interesting. Still, it makes some assumptions about the system. I spend a lot of time digging around new malware, and I've yet to see a single case of BIOS infection, even in state-sponsored malware such as Stuxnet and Gauss. – Polynomial Oct 21 '12 at 11:54