Automating remote BIOS attacks


Legbacore's upcoming "digital voodoo" presentation will reveal an automated means of discovering BIOS defects that are vulnerable to remote attacks, meaning that your computer can be compromised below the level of the OS by attackers who do not have physical access to it.

A common threat model for secure computing assumes that a computer which has not been physically compromised can be trusted if it is booted into a clean, secure operating system, like Tails, the privacy-oriented operating system recommended and used by Edward Snowden. Though it has long been suspected that spy agencies have exotic means of remotely compromising a computer's BIOS, such remote exploits were considered rare and difficult to achieve.

Legbacore founders Corey Kallenberg and Xeno Kovah's CanSecWest presentation, scheduled for next week, automates the process of discovering these vulnerabilities. Kallenberg and Kovah are confident that they can find many more BIOS vulnerabilities; they will also demonstrate many new BIOS attacks that require physical access.

Computers whose BIOS is compromised cannot be booted into a trustworthy state, because the BIOS can trick the operating system about what the underlying machine is doing. This means that a computer targeted by a BIOS attack could leak private communications and keys, even if it is booted with Tails.

Kallenberg claimed that even other Tails protections, such as the memory wiper and offline mode, would not save it from the malware he and Kovah created. “We can just write the secrets you scrape to non-volatile storage and just wait until we have access to the internet to exfiltrate that data to the attacker.

“If an attacker has remote software accessged is coming after you.”

'Voodoo' Hackers: Stealing Secrets From Snowden's Favorite OS Is Easier Than You'd Think [Thomas Fox-Brewster/Forbes]

Slides