1/30/2006
Researchers: Rootkits headed for BIOS
January 26, Security Focus — Researchers: Rootkits headed for BIOS. Insider attacks and industrial espionage could become stealthier by hiding malicious code in the core system functions available in a motherboard’s flash memory, researchers said on Wednesday, January 25, at the Black Hat Federal Conference. A collection of functions for power management, known as the Advanced Configuration and Power Interface (ACPI), has its own high-level interpreted language that could be used to code a rootkit and store key attack functions in the Basic Input/Output System (BIOS) in flash memory, according to John Heasman, principal security consultant for UK-based Next-Generation Security Software. The researcher tested basic features, such as elevating privileges and reading physical memory, using malicious procedures that replaced legitimate functions stored in flash memory. “Rootkits are becoming more of a threat in general -- BIOS is just the next step,” Heasman said during a presentation at the conference. “While this is not a threat now, it is a warning to people to look out.” The worries come as security professionals are increasingly worried about rootkits. While some attacks have attempted to affect a computer’s flash memory, the ability to use the high-level programming language available for creating ACPI functions has opened up the attack to far more programmers.
Source: http://www.securityfocus.com/news/11372
rootkits, BIOS, Infosec
Filed by Ken at 12:46 pm under InfoSec











