Can a BIOS be hacked by a cybercriminal?
A friend told me in a handwritten letter that her computer has been thoroughly hacked by a hacker. She expressed concern that the hacker may have, among other things, "irreversibly tampered with the BIOS." This may be only because I don't study cybercrime and am fairly ignorant about it, but I've never heard of a computer's BIOS, or anything outside the hard drive, being tampered with by a hacker. Is that possible? I supposed that if my computer was invaded by a hacker and I couldn't determine the extent of the hacking, replacing the hard drive and not transferring over any files (unless I could prove they were clean, which I probably never could) would be a safe solution. So am I wrong?
That would be a highly unlikely scenario
Tampering with the BIOS is something that is difficult at best; one mistake would leave the machine toast, not to mention the benefits of doing so for an attacker are almost nil since the BIOS doesn't really do much once the computer is booted to an operating system, so I would have to say her fears are baseless. As for proving files are clean? That's a little more difficult, but there are quite a few scanners that can scan files, though if she was hacked I'd be more worried about files being outright stolen rather than tampered with; it's the PROGRAMS I'd really worry about being tampered with (unless it's a Windows machine with NTFS; then moving files to a Linux partition, and back, then scanning them would be a safe bet).
A BIOS can be hacked and altered, just like it can be upgraded by you. BIOS hacks are fairly rare, I think, but don't take my word for it.
Several threads on this site give you instructions for what to do and look for if you think you've been rooted. You would never be one hundred percent sure that you've detected everything that the invader might have done, but it would help. You could then store safe data files and wipe your hard drive. If BIOS is hacked, you'd have to flash a new BIOS. Check the security forum for threads on checking your box.
Yes, BIOS can be hacked
Like the previous author said, just like upgrading BIOS, you can do the modifications in the BIOS too.
This is a very interesting article from the past week, titled "Mebromi: the first BIOS rootkit in the wild"
http://blog.webroot.com/2011/09/13/m...t-in-the-wild/
I think it's safe to say it is possible, although in the past malware which could add its own code to the BIOS has been purely proof of concept. There could be dangerous days ahead if more of these BIOS rootkits appear, as the problem with the BIOS (being the first thing a computer loads up) is that even if you wiped your hard discs and completely reinstalled the operating system, the rootkit is still there and able to change things...
As far as benefits go, there are a few- Quote:
Yeah, I know, Tom's isn't exactly a security site. ;) @ newbiesforever- I doubt that your friend has had her BIOS hacked. If she's worried, flashing the BIOS is the best idea. While it is at least in theory possible to write a BIOS virus that can 'hide' when the BIOS is reflashed, it's not something seen 'in the wild'...AFAIK, and 'yet' anyway. BTW, I'd flash from a floppy or a USB flash drive, not from Windows. Flashing the BIOS from Windows is the most likely way that a BIOS virus could avoid the BIOS flash.
I agree that you should NEVER flash a BIOS from Window$. I always flash from a DOS boot disk.
It is possible to get a BIOS rootkit. What I would do is flash the BIOS after you have eliminated other possibilities.