Solarbird :flag_cascadia:

@dangoodin @matrosov hm

would it be useful to replace the boot image yourself in advance to a locally-known image, so that if it's suddenly displaying manufacturer logo you know something is up?

Paul van Gulick

@moira @dangoodin @matrosov

Good question. Anyone know?

Also, would opting to set the administrator password in BIOS be useful?

Raven667

@moira @dangoodin @matrosov that's honestly not a bad idea, if that is how exploits for this work. If they modify the existing image to inject malware then maybe it won't help, or if they already make user-visible changes. I haven't read the article yet though, so I can only speculate.

One thing to mention is that with BIOS there isn't even a security boundary to be crossed, you are free to modify firmware at any time, so this is still better security than that.

Solarbird :flag_cascadia:

@raven667 @dangoodin @matrosov The vector is to replace the image with an apparently-identical image that is malformed to create a payload. This takes a degree of crafting, so given how many slices of the install base there are (since each one has to attack a particular BIOS) I'm pretty sure they're going to use manufacturer-original graphics.

So if you've replaced yours with a graphic screen made of text reading "still good" in some font and suddenly you have the manufacturer bootup image back, you know _something_ has happened.

It wouldn't _stop_ anybody... well, maybe it could, right? If someone does write an attack to modify rather than replace the image, having the wrong image there would almost certainly break that specific attack.


Raven667

@moira @dangoodin @matrosov I finally had time to read, the article says this can be done so it's not visible. It also mentions just registering the sha256 hash of legit logo files and scanning for those. This could be added to AV pretty easily as well, right, so an unexpected logo file is detected quickly, although I suppose the malware could try and hide itself from scanning.

Once malware gets to a fundamental level of the system, it's hard for subordinate levels to kick it out

Solarbird :flag_cascadia:

@raven667 @dangoodin @matrosov Well yeah, it can be done without being visible - _by replacing the image with your sabotaged one, which shows the same image but also has the payload_. Or that's how I read it.

The point is to have a non-standard image in there first so that if it swaps in what looks like the standard image, you know _something_ has happened. You don't know what, and it doesn't stop it - it's just an alarm of sorts.
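The two checks the thread proposes, a custom "canary" logo set in advance and a scan of logo images against recorded sha256 hashes, combined in one added example (this is illustrative code, not code from anyone in the thread or from the article). It assumes you have already extracted the logo image bytes from the firmware image; the sample blobs and the function names `classify_logo` and `scan_logos` are constructed here.

```python
import hashlib
from typing import Dict, Iterable, Optional, Tuple

# Constructed stand-ins for real boot-logo files (a BMP-like header plus filler).
VENDOR_LOGO = b"BM" + b"\x00" * 62 + b"vendor-logo-pixels"
CANARY_LOGO = b"BM" + b"\x00" * 62 + b"still good"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hashes of the manufacturer-shipped logos recorded ahead of time. In practice
# you would hash the images taken from the vendor's firmware package; this
# table is constructed for the example.
KNOWN_VENDOR_HASHES: Dict[str, str] = {sha256_hex(VENDOR_LOGO): "vendor default logo"}


def classify_logo(data: bytes, expected_canary_hash: Optional[str],
                  known_vendor: Dict[str, str]) -> str:
    """Classify one logo image found in firmware.

    expected_canary_hash is the sha256 of the custom logo you installed in
    advance, or None if you kept the manufacturer's image.
    """
    h = sha256_hex(data)
    if expected_canary_hash is not None and h == expected_canary_hash:
        return "ok: canary logo intact"
    if h in known_vendor:
        if expected_canary_hash is not None:
            # Solarbird's alarm: the stock logo came back after you replaced it.
            return "alert: manufacturer logo is back, canary was replaced"
        return "ok: known vendor logo"
    # Raven667's check: an image whose hash matches nothing you registered.
    return "alert: unknown logo image"


def scan_logos(images: Iterable[Tuple[str, bytes]],
               expected_canary_hash: Optional[str],
               known_vendor: Dict[str, str]) -> Dict[str, str]:
    """Run classify_logo over (name, bytes) pairs and return a verdict per image."""
    return {name: classify_logo(blob, expected_canary_hash, known_vendor)
            for name, blob in images}


if __name__ == "__main__":
    canary = sha256_hex(CANARY_LOGO)
    for name, verdict in scan_logos([("logo0", CANARY_LOGO), ("logo1", VENDOR_LOGO),
                                     ("logo2", b"unexpected bytes")],
                                    canary, KNOWN_VENDOR_HASHES).items():
        print(name, verdict)
```

A hash scan only detects a changed file; as Raven667 notes, firmware-level malware may hide from whatever does the scanning, so treat this as an alarm rather than a guarantee.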
