LinuxQuestions.org


newbiesforever 09-16-2011 11:19 PM

can a BIOS be hacked by a cybercriminal?
 
A friend told me in a handwritten letter that her computer has been thoroughly hacked by a hacker. She expressed concern that the hacker may have, among other things, "irreversibly tampered with the BIOS." This may be only because I don't study cybercrime and am fairly ignorant about it, but I've never heard of a computer's BIOS, or anything outside the hard drive, being tampered with by a hacker. Is that possible? I supposed that if my computer was invaded by a hacker and I couldn't determine the extent of the hacking, replacing the hard drive and not transferring over any files (unless I could prove they were clean, which I probably never could) would be a safe solution. So am I wrong?

frieza 09-16-2011 11:53 PM

That would be a highly unlikely scenario.
Tampering with the BIOS is something that is difficult at best; one mistake would leave the machine toast, not to mention the benefits of doing so for an attacker are almost nil since the BIOS doesn't really do much once the computer is booted to an operating system, so I would have to say her fears are baseless.

As for proving files are clean? That's a little more difficult, but there are quite a few scanners that can scan files, though if she was hacked I'd be more worried about files being outright stolen rather than tampered with. It's the PROGRAMS I'd really worry about being tampered with (unless it's a Windows machine with NTFS, then moving files to a Linux partition, and back, then scanning them would be a safe bet).

moxieman99 09-16-2011 11:57 PM

A BIOS can be hacked and altered, just like it can be upgraded by you. BIOS hacks are fairly rare, I think, but don't take my word for it.

Several threads on this site give you instructions for what to do and look for if you think you've been rooted. You would never be one hundred percent sure that you've detected everything that the invader might have done, but it would help. You could then store safe data files and wipe your hard drive. If BIOS is hacked, you'd have to flash a new BIOS.

Check the security forum for threads on checking your box.

psrdotcom 09-17-2011 12:01 AM

Yes, BIOS can be hacked
 
Like the previous author said, just like upgrading BIOS, you can do the modifications in the BIOS too.

SigTerm 09-17-2011 05:17 AM

Quote:

Originally Posted by newbiesforever (Post 4474107)
A friend told me in a handwritten letter that her computer has been thoroughly hacked by a hacker. She expressed concern that the hacker may have, among other things, "irreversibly tampered with the BIOS." This may be only because I don't study cybercrime and am fairly ignorant about it, but I've never heard of a computer's BIOS, or anything outside the hard drive, being tampered with by a hacker. Is that possible? I supposed that if my computer was invaded by a hacker and I couldn't determine the extent of the hacking, replacing the hard drive and not transferring over any files (unless I could prove they were clean, which I probably never could) would be a safe solution. So am I wrong?

This is possible, but unlikely. Motherboard manufacturers provide software for upgrading BIOS firmware, so writing the BIOS from within a running OS is possible. I haven't heard about a standard API for writing the system BIOS, but it might exist. Win95.CIH was capable of infecting the BIOS on some machines. (IMO) Unless your friend is a highly attractive attack target, a hacker wouldn't bother with BIOS tampering. Tampering with installed software will be easier.

coralfang 09-17-2011 01:55 PM

This is a very interesting article from the past week, titled "Mebromi: the first BIOS rootkit in the wild"
http://blog.webroot.com/2011/09/13/m...t-in-the-wild/

I think it's safe to say it is possible, although in the past malware which could add its own code to the BIOS has been purely proof of concept.

There could be dangerous days ahead if more of these BIOS rootkits appear, as the problem with the BIOS (being the first thing a computer loads up) is that even if you wiped your hard discs and completely reinstalled the operating system, the rootkit is still there and able to change things...

cascade9 09-18-2011 01:39 AM

Quote:

Originally Posted by frieza (Post 4474121)
That would be a highly unlikely scenario.
Tampering with the BIOS is something that is difficult at best; one mistake would leave the machine toast, not to mention the benefits of doing so for an attacker are almost nil since the BIOS doesn't really do much once the computer is booted to an operating system, so I would have to say her fears are baseless.

Unlikely and not exactly easy...but what 'hacker' is going to care about possible risk to the machine?

As far as benefits go, there are a few-

Quote:

Once an attacker has admin rights, the rootkit could be flashed onto the BIOS and would remain effective even if the original virus on the hard disk were removed. Even a complete format wouldn’t rid the system of the virus.

"You would need to reflash the Bios with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the Bios chip."
http://www.tomshardware.com/news/bio...door,7400.html

Yeah, I know, Tom's isn't exactly a security site. ;)

@ newbiesforever- I doubt that your friend has had her BIOS hacked. If she's worried, flashing the BIOS is the best idea. While it is at least in theory possible to write a BIOS virus that can 'hide' when the BIOS is reflashed, it's not something seen 'in the wild'...AFAIK, and 'yet' anyway.

BTW, I'd flash from a floppy or a USB flash drive, not from Windows. Flashing the BIOS from Windows is the most likely way that a BIOS virus could avoid the BIOS flash.

H_TeXMeX_H 09-18-2011 04:50 AM

I agree that you should NEVER flash a BIOS from Window$. I always flash from a DOS boot disk.

It is possible to get a BIOS rootkit. What I would do is flash the BIOS after you have eliminated other possibilities.


All times are GMT -5.