LightEater malware attacks uEFI BIOSes
moab600
If there is anything I can say about Asus BIOS updates for mobos, it is that they are frequent and good, job well done.
Unlike support for the Xonar series... if that poses a threat I hope they release a counter BIOS fast.
CalculuS
So ASRock is out on this one? 😀
Fender178
Interesting. I flashed my BIOS on my ASUS Z97-pro to 1204, which had been the latest for a while until they released another update to allow compatibility with Broadwell CPUs. This makes me wonder if this affects BIOSes on the boards they mentioned that have never ever been flashed/patched by the user.
The Laughing Ma
Maybe I missed it in the article but how exactly does the system become infected in the first place? I mean it's all well talking about BIOS updates but if the only method of infection requires someone with a USB stick to have direct access to the computer then it's all a bit pointless then isn't it?
cpy2
Good thing I don't use BIOS anymore, long live UEFI.
Prince Valiant
Maybe now the MB manufacturers will stop saying that updating your BIOS is at your own risk. I try to keep my BIOS up to date but it can be a pain sometimes. I ended up having to flash my current board with the internet option because the USB method failed every time.
waltc3
I noted in this story the word "implant"...this seems to denote hardware and the implication is that if you cannot get your hands on a machine physically you cannot "implant" [whatever it is] and cannot crack secure boot. The nature of this "implant" is murky at best...
Also, nobody knows what the NSA does and what it doesn't do. I'm amazed at all of the self-appointed NSA spokespersons there are for the NSA these days...;) People don't work for the NSA and yet think they know "all about it"....strange, but true...
I think lots of people may be running their UEFI in Legacy mode without realizing it...run msinfo32 to check...if you see the following two entries you are OK:
Bios mode UEFI
Secure boot state ON
If you have UEFI but you are not using secure boot, those entries will read:
Bios mode LEGACY
Secure boot state OFF
and you are not getting the security benefit of your UEFI when it runs in Legacy mode.
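The same two msinfo32 fields can be read from a script, shown here as an added example that is not part of the comment above. It assumes Windows PowerShell 5.1 or later and an elevated prompt; the function name `Get-FirmwareBootStatus` and the wording of the `Verdict` strings are made up for the example.

```powershell
# Added example (not from the thread): report firmware mode and Secure Boot
# state, the two values msinfo32 lists as "BIOS Mode" and "Secure Boot State".
function Get-FirmwareBootStatus {
    # BiosFirmwareType is 'Uefi' or 'Bios' (legacy / CSM boot).
    $info = Get-ComputerInfo -Property BiosFirmwareType
    $mode = [string]$info.BiosFirmwareType

    $secureBoot = 'Unsupported'
    if ($mode -eq 'Uefi') {
        try {
            # Returns $true or $false; throws if the platform has no
            # Secure Boot support or the session is not elevated.
            if (Confirm-SecureBootUEFI -ErrorAction Stop) {
                $secureBoot = 'On'
            } else {
                $secureBoot = 'Off'
            }
        } catch [System.PlatformNotSupportedException] {
            $secureBoot = 'Unsupported'
        } catch [System.UnauthorizedAccessException] {
            $secureBoot = 'Unknown (run elevated)'
        } catch {
            $secureBoot = "Unknown ($($_.Exception.Message))"
        }
    }

    # Hypothetical verdict strings, chosen for this example only.
    $verdict = switch ($true) {
        { $mode -ne 'Uefi' }       { 'Legacy boot: Secure Boot not in use'; break }
        { $secureBoot -eq 'On' }   { 'UEFI boot with Secure Boot enabled'; break }
        { $secureBoot -eq 'Off' }  { 'UEFI boot, Secure Boot disabled'; break }
        default                    { 'UEFI boot, Secure Boot state undetermined' }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        BiosMode     = $mode
        SecureBoot   = $secureBoot
        Verdict      = $verdict
    }
}

Get-FirmwareBootStatus | Format-List
```

The result covers boot mode and Secure Boot only; it does not show whether the firmware flash itself is write-protected.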
tsunami231
Sweet, malware for BIOSes that are almost never kept updated by the end users, and the manufacturers all but stop updating them after about 3 years or so?? There hasn't been an update for my BIOS since 2011; then again, I'm one of those users that don't update the BIOS unless there's a reason to. Updating the BIOS is more risky than updating software. Then again, maybe that all changed with the UEFI BIOS, which I don't really like, but they sure do boot faster than the old BIOS; at least the pre-Windows loading stuff is much faster.
My pre-UEFI BIOSes are safe, except for possibly my sister's 2014 Asus laptop, which is a 300$ POS that's less powerful than the duo core 8400e system I gave to my dad, but better than the broken 1500$ POS Sony laptop her bf gave her, which he knew was broken too.
I stand by the saying that newer doesn't mean better, it just means newer. This newer tech can be worse and apparently less secure too now, hah.
sykozis
UEFI is only "safe" if you enable SecureBoot, and the malware is trying to modify UEFI prior to Windows load. If it can modify UEFI from within Windows, there's nothing to protect UEFI systems. At least the old BIOS had a write-protect mechanism to prevent modifications/updates to the BIOS without entering the BIOS and manually changing the setting.
Darkje
So, any way to detect it? I'm guessing the virus won't show itself when you dump the UEFI from an infected machine to a file, so it will be hard to detect it from a running machine with an active 'virus'...
anticupidon
Security logic tells me that nothing is secure, there are just levels of it.
More, there will always be the conflict between convenience and security. OEMs offer just that, convenience; screw the average Jimmy who tinkers with his computer.
And when disaster strikes, just use the oldest trick in the book, by putting the blame on others.