LinuxQuestions.org
Old 09-16-2011, 11:19 PM   #1
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,892

Rep: Reputation: 62
can a BIOS be hacked by a cybercriminal?


A friend told me in a handwritten letter that her computer has been thoroughly hacked by a hacker. She expressed concern that the hacker may have, among other things, "irreversibly tampered with the BIOS." This may be only because I don't study cybercrime and am fairly ignorant about it, but I've never heard of a computer's BIOS, or anything outside the hard drive, being tampered with by a hacker. Is that possible? I supposed that if my computer was invaded by a hacker and I couldn't determine the extent of the hacking, replacing the hard drive and not transferring over any files (unless I could prove they were clean, which I probably never could) would be a safe solution. So am I wrong?

Last edited by newbiesforever; 09-17-2011 at 12:49 AM.
 
Old 09-16-2011, 11:53 PM   #2
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Rep: Reputation: 371
That would be a highly unlikely scenario.
Tampering with the BIOS is something that is difficult at best; one mistake would leave the machine toast, not to mention the benefits of doing so for an attacker are almost nil since the BIOS doesn't really do much once the computer is booted to an operating system, so I would have to say her fears are baseless.

As for proving files are clean? That's a little more difficult, but there are quite a few scanners that can scan files, though if she was hacked I'd be more worried about files being outright stolen rather than tampered with; it's the PROGRAMS I'd really worry about being tampered with (unless it's a Windows machine with NTFS, then moving files to a Linux partition, and back, then scanning them would be a safe bet).
 
Old 09-16-2011, 11:57 PM   #3
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 413

Rep: Reputation: 88
A BIOS can be hacked and altered, just like it can be upgraded by you. BIOS hacks are fairly rare, I think, but don't take my word for it.

Several threads on this site give you instructions for what to do and look for if you think you've been rooted. You would never be one hundred percent sure that you've detected everything that the invader might have done, but it would help. You could then store safe data files and wipe your hard drive. If BIOS is hacked, you'd have to flash a new BIOS.

Check the security forum for threads on checking your box.
 
Old 09-17-2011, 12:01 AM   #4
psrdotcom
LQ Newbie
 
Registered: Sep 2011
Posts: 5

Rep: Reputation: Disabled
Yes, BIOS can be hacked

Like the previous author said, just like upgrading BIOS, you can do the modifications in the BIOS too.
 
Old 09-17-2011, 05:17 AM   #5
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Rep: Reputation: 233
Quote:
Originally Posted by newbiesforever
A friend told me in a handwritten letter that her computer has been thoroughly hacked by a hacker. She expressed concern that the hacker may have, among other things, "irreversibly tampered with the BIOS." This may be only because I don't study cybercrime and am fairly ignorant about it, but I've never heard of a computer's BIOS, or anything outside the hard drive, being tampered with by a hacker. Is that possible? I supposed that if my computer was invaded by a hacker and I couldn't determine the extent of the hacking, replacing the hard drive and not transferring over any files (unless I could prove they were clean, which I probably never could) would be a safe solution. So am I wrong?
This is possible, but unlikely. Motherboard manufacturers provide software for upgrading BIOS firmware, so writing the BIOS from within a running OS is possible. I haven't heard about a standard API for writing the system BIOS, but it might exist. Win95.CIH was capable of infecting the BIOS on some machines. (IMO) Unless your friend is a highly attractive attack target, a hacker wouldn't bother with BIOS tampering. Tampering with installed software will be easier.
 
Old 09-17-2011, 01:55 PM   #6
coralfang
Member
 
Registered: Nov 2010
Location: Bristol, UK
Distribution: Slackware, FreeBSD
Posts: 309
Blog Entries: 2

Rep: Reputation: 84
This is a very interesting article from the past week, titled "Mebromi: the first BIOS rootkit in the wild"
http://blog.webroot.com/2011/09/13/m...t-in-the-wild/

I think it's safe to say it is possible, although in the past, malware which could add its own code to the BIOS has been purely proof of concept.

There could be dangerous days ahead if more of these BIOS rootkits appear, as the problem with the BIOS (being the first thing a computer loads up) is that even if you wiped your hard discs and completely reinstalled the operating system, the rootkit is still there and able to change things...
 
Old 09-18-2011, 01:39 AM   #7
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,718

Rep: Reputation: 904
Quote:
Originally Posted by frieza
That would be a highly unlikely scenario.
Tampering with the BIOS is something that is difficult at best; one mistake would leave the machine toast, not to mention the benefits of doing so for an attacker are almost nil since the BIOS doesn't really do much once the computer is booted to an operating system, so I would have to say her fears are baseless.
Unlikely and not exactly easy...but what 'hacker' is going to care about possible risk to the machine?

As far as benefits go, there are a few-

Quote:
Once an attacker has admin rights, the rootkit could be flashed onto the BIOS and would remain effective even if the original virus on the hard disk were removed. Even a complete format wouldn’t rid the system of the virus.

"You would need to reflash the Bios with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the Bios chip."
http://www.tomshardware.com/news/bio...door,7400.html

Yeah, I know, Tom's isn't exactly a security site.

@ newbiesforever- I doubt that your friend has had her BIOS hacked. If she's worried, flashing the BIOS is the best idea. While it is at least in theory possible to write a BIOS virus that can 'hide' when the BIOS is reflashed, it's not something seen 'in the wild'...AFAIK, and 'yet' anyway.

BTW, I'd flash from a floppy or a USB flash drive, not from Windows. Flashing the BIOS from Windows is the most likely way that a BIOS virus could avoid the BIOS flash.
 
Old 09-18-2011, 04:50 AM   #8
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269
I agree that you should NEVER flash a BIOS from Window$. I always flash from a DOS boot disk.

It is possible to get a BIOS rootkit. What I would do is flash the BIOS after you have eliminated other possibilities.
 
  


All times are GMT -5. The time now is 10:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration