What's worse, researchers recently demonstrated that BIOS malware can attack multiple platforms and infect motherboards of many different manufacturers. BIOS-based malware has the potential to spread not only across various operating systems, but also through many different types of hardware-- and these attacks are difficult, but not impossible, to detect and prevent.
The latest BIOS malware attack
In March at the CanSecWest security conference, held in Vancouver, researchers Alfredo Ortega and Anibal Sacco of Core Security Technologies Inc. demonstrated a generic BIOS attack that can inject malicious code into many different BIOS types. An attacker that compromised the BIOS in this way would have full control of the underlying firmware, regardless of the operating system.
Until now, common wisdom has been that the large variety of BIOS implementations means it is unfeasible for attackers to create portable, widespread BIOS malware. Core's researchers proved this wrong. According to Core's CTO, Ivan Arce, the researchers identified a specific section of BIOS code -- a decompression routine -- used in the majority of motherboards. BIOS code is stored compressed so that it takes up less space, and code must be decompressed before it runs. The decompression routine is exactly the same in many different motherboards. This gives attackers a single snippet of code that they can target in order to compromise many different BIOSes. The result? For the first time, researchers showed that BIOS-level malware can practically infect a wide variety of hardware.
To demonstrate, the researchers injected code into the generic BIOS decompression routine of a commercial BIOS, and updated the corresponding checksums in the firmware. Then they re-flashed the BIOS and successfully demonstrated booting a Windows computer, as well as a separate VMware guest running OpenBSD.
An attacker that compromised the BIOS in this fashion could execute code at every boot, and install a traditional rootkit on the system's hard drive. Even if the hard drive was completely overwritten and re-installed, the BIOS malware could simply re-infect it again.
A history of BIOS malware attacks
Early BIOS versions were stored in read-only memory and could not be altered by a user (or an attacker). Over time, manufacturers switched to electronically erasable formats, such as flash memory, so that users could upgrade, or "flash," the BIOS when necessary.
Chernobyl's spread was partly attributed to legitimate manufacturers such as IBM, Yamaha Corp. and Activision Inc. (as well as software pirates) who unknowingly distributed the virus in commercial products. However, Chernobyl's effect on BIOSes was limited, since it could only affect a specific chipset, and the payload was unsophisticated.
Nowadays, modern BIOS attacks have the potential to be extremely stealthy and portable. To make upgrading more convenient, manufacturers and third parties have worked to make BIOS updates easier. But as always, with convenience comes risk. There are many free BIOS-flashing utilities that will scan a system and install the latest BIOS from the Internet. BIOS updates hosted by third-party sites may be infected, and the BIOS update tools themselves may be malicious. Manufacturers usually provide updates over unauthenticated HTTP and FTP connections, leaving users vulnerable to man-in-the-middle attacks.
Unfortunately, only a small percentage of manufacturers cryptographically sign their BIOS updates, and few motherboards can verify signatures. The result is that users cannot confirm that they have downloaded a manufacturer-approved BIOS. Moreover, attackers can leverage standard infection vectors to execute their own BIOS-flashing utilities, without the knowledge of the user.
How to detect and prevent BIOS infections
Detecting BIOS infections is difficult. It's possible to calculate the cryptographic hash of a known, trusted BIOS, and compare that to the BIOS that is actually installed. However, as Ivan Arce of Core Security has pointed out, sophisticated BIOS malware may try to evade that check.
There are two ways to consistently prevent BIOS infection. First, you can physically set the BIOS to be non-writable. This often involves setting a jumper on the motherboard, which will physically prevent BIOS alterations. For enterprises that perform remote BIOS updates, configuring physical BIOS write-protection would be a big step backwards in terms of maintenance efficiency (although the effort involved in cleaning up after a BIOS infection might be greater).
Second, the emergence of Trusted Platform Module (TPM) standards and similar initiatives means that some new equipment supports hardware-based BIOS integrity checking. Using a hardware cryptographic key that is burned into the chip at production, TPM-based computers can verify that BIOSes are manufacturer-approved and have not been modified.
Two decades ago, we learned the hard way that operating systems can be infected with viruses en masse. It took time for attackers to leverage vulnerabilities, and for the antivirus industry to respond accordingly. BIOS-based malware is just another step in the arms race. An enormous amount of non-TPM equipment is still being produced, and BIOS manufacturers take few if any precautions regarding BIOS update distribution.
As BIOS modification becomes easier and as more portable attacks are developed, BIOS malware will undoubtedly emerge. Security pros must remain vigilant, encourage implementation of trusted computing infrastructures, and leverage them when they exist.
About the author:
Sherri Davidoff is the co-author of the new SANS class "Sec558: Network Forensics" and author of Philosecurity. She is a GIAC-certified forensic examiner and penetration tester. She provides security consulting for many types of organizations, including legal, financial, healthcare, manufacturing, academic and government institutions.
This was first published in June 2009