|
Top-level
 @moira @dangoodin @matrosov that's honestly not a bad idea, if that is how exploits for this work, if they modify the existing image to inject malware then maybe it won't help, or if they already make user visible changes. I haven't read the article yet though so I can only speculate One thing to mention is that with BIOS there isn't even a security boundary to be crossed, you are free to modify firmware at any time, so this is still better security than that. 3 comments
@moira @dangoodin @matrosov I finally had time to read, the article says this can be done so its not visible. It also mentions just registering the sha256 hash of legit logo files and scanning for those, this could be added to AV pretty easily as well, right, so an unexpected logo file is detected quickly, although I suppose the malware could try and hide itself from scanning. Once malware gets to a fundamental level of the system, it's hard for subordinate levels to kick it out  @raven667 @dangoodin @matrosov Well yeah, it can be done without being visible - _by replacing the image with your sabotaged one, which shows the same image but also has the payload_. Or that's how I read it. The point is to have a non-standard image in there first so that if it swaps in what looks like the standard image, you know _something_ has happened. You don't know what, and it doesn't stop it - it's just an alarm of sorts. |
Gregory's Server
@raven667 @dangoodin @matrosov The vector is to replace the image with an apparently-identical image that is malformed to create a payload. This takes a degree of crafting, so given how many slices of the install base there are (since each one has to attack a particular BIOS) I'm pretty sure they're going to use manufacturer-original graphics.
So if you've replaced yours with a graphic screen made of text reading "still good" in some font and suddenly you have the manufacturer bootup image back, you know _something_ has happened.
It wouldn't _stop_ anybody... well, maybe it could, right? If someone does write an attack to modify rather than replace the image, having the wrong image there would almost certainly break that specific attack.
@raven667 @dangoodin @matrosov The vector is to replace the image with an apparently-identical image that is malformed to create a payload. This takes a degree of crafting, so given how many slices of the install base there are (since each one has to attack a particular BIOS) I'm pretty sure they're going to use manufacturer-original graphics.