
Leak of BIOS Source Code Confirmed by Intel


Intel has confirmed that the suspected leak of its Alder Lake BIOS source code is genuine, a development that potentially poses a security risk to users.

The leaked material is Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the firm's 12th-generation processor family, which debuted in November 2021.

According to an Intel statement provided to Tom's Hardware, the breach does not "reveal any new vulnerabilities since we do not rely on encryption of information as a defense policy." Intel is also urging members of the security research community to report any potential problems through its bug bounty program, and it is notifying customers about the situation.

The 5.97 GB of files in the breach, comprising source code, secret keys, patch logs, and compilation tools, carry a most recent timestamp of 9/30/22, indicating that an attacker or insider downloaded the data on or around that date. The leaked source code also contains several references to Lenovo, including code for 'Lenovo String Service,' 'Lenovo Secure Suite,' and Lenovo Cloud Service integrations.

Tom's Hardware, however, has received confirmation from Intel that such source code is real and is its "exclusive UEFI code."

Sam Linford, vice president of Deep Instinct's EMEA Channels, said: "Source code theft is a very serious possibility for enterprises since it may lead to cyber-attacks. Because source code is a piece of a company's intellectual property, it is extremely valuable to cybercriminals."

This year has seen multiple instances of an organization's source code being exposed. The password manager LastPass disclosed in August 2022 that some of its source code had been stolen, and source code for Rockstar Games' Grand Theft Auto 5 and Grand Theft Auto 6 was stolen in September 2022.

Several Dell Systems are Affected by New BIOS Bugs


According to Binarly, the firmware security firm that discovered the vulnerabilities (and had earlier reported similar flaws in Insyde Software's InsydeH2O and in HP's UEFI firmware), active exploitation of any of the identified problems cannot be detected by firmware integrity monitoring systems. As previously stated, remote device health attestation systems are likewise unable to detect compromised machines due to technical limitations in their visibility of the firmware runtime.

The vulnerabilities are tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421 and are rated high severity on the CVSS scale.

All of the weaknesses stem from insufficient input validation in the firmware's System Management Mode (SMM), allowing a local privileged attacker to execute arbitrary code by way of the system management interrupt (SMI). System Management Mode on x86 processors is a special-purpose CPU mode for performing system-wide functions such as power management, hardware and system control, thermal monitoring, and other manufacturer-specific code.

A system management interrupt (SMI), a form of non-maskable interrupt, is raised at runtime whenever one of these tasks is requested, and the SMM code installed by the BIOS is then executed. This mechanism is ripe for abuse because SMM code runs at the highest privilege level and is invisible to the underlying operating system, which makes it an attractive place for persistent firmware implants. A variety of Dell products are affected, including the Alienware, Inspiron, Vostro, and Edge Gateway 3000 Series, with the Texas-based PC maker advising customers to update their BIOS as soon as possible.
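The bug class described in the two paragraphs above is an SMI handler that uses a caller-supplied pointer and length without checking them against SMRAM. The following is an added example, not code from the article, from Dell or from Binarly: a host-side simulation with a constructed flat memory array and an assumed SMRAM window, showing the unchecked pattern beside the hardened one. The validation routine mirrors the intent of EDK2's SmmIsBufferOutsideSmmValid(); the addresses and sizes are placeholders, not real platform values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed flat "physical memory" for the simulation, with an assumed
 * SMRAM window at [SMRAM_BASE, SMRAM_BASE + SMRAM_SIZE). Real SMRAM lives
 * at a platform-specific address (TSEG); these numbers are placeholders. */
#define MEM_SIZE   0x10000u
#define SMRAM_BASE 0x8000u
#define SMRAM_SIZE 0x4000u

uint8_t sim_mem[MEM_SIZE];

uint8_t sim_mem_read(uint32_t addr) { return sim_mem[addr]; }

/* The check a handler must apply to every caller-supplied range before
 * touching it: the whole of [addr, addr+len) must lie inside the address
 * space, must not wrap around, and must lie entirely outside SMRAM.
 * This mirrors the intent of EDK2's SmmIsBufferOutsideSmmValid(). */
bool buffer_outside_smram(uint32_t addr, uint32_t len)
{
    if (len == 0) return false;
    if (addr >= MEM_SIZE || len > MEM_SIZE - addr) return false; /* out of range / wrap */
    uint32_t end = addr + len;                                   /* exclusive end */
    bool overlaps = addr < SMRAM_BASE + SMRAM_SIZE && end > SMRAM_BASE;
    return !overlaps;
}

/* Insecure pattern (the class of bug the article describes): destination
 * and length come straight from the OS-side caller and are used without an
 * SMRAM check, so the write can land inside SMRAM. The only guard here
 * keeps the simulation array in bounds; it is not a security check.
 * Returns 1 when the write was performed. */
int smi_fill_unchecked(uint32_t dest, uint32_t len, uint8_t value)
{
    if (dest >= MEM_SIZE || len > MEM_SIZE - dest) return 0;
    memset(sim_mem + dest, value, len);
    return 1;
}

/* Hardened pattern: validate first, then act. Returns 0 (request refused)
 * when the range is malformed or touches SMRAM, 1 when the write was done. */
int smi_fill_checked(uint32_t dest, uint32_t len, uint8_t value)
{
    if (!buffer_outside_smram(dest, len)) return 0;
    memset(sim_mem + dest, value, len);
    return 1;
}
```

The point of the overlap test is that it rejects ranges that merely straddle an SMRAM boundary, not only ranges that start inside it, and that the wrap-around check comes before any arithmetic on the end address.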

"The ongoing identification of these vulnerabilities demonstrates what we call 'repeatable failures' around input cleanliness or, in general, insecure coding habits," according to Binarly researchers. "These errors are directly related to the codebase's complexity or support for legacy components which receive less security attention but are nevertheless frequently used in the field. In many cases, the same vulnerability can be addressed numerous times, yet the attack surface's complexity still leaves open gaps for malicious exploitation."

Dell SupportAssist is a program that manages support functions such as troubleshooting and recovery on Windows-based Dell machines. Its BIOSConnect feature can be used to restore a corrupted operating system as well as to upgrade firmware.

It does this by connecting to Dell's cloud infrastructure and pulling the required code down to the user's device.

BMW virus: a new BIOS-based virus discovered by a Chinese antivirus firm

The Chinese antivirus firm 360 has discovered a new Trojan, the BMW virus, that infects the BIOS (the firmware on the motherboard chip) and the MBR (Master Boot Record). Formatting the entire hard disk or installing a new OS will not help, because the BIOS is firmware that resides in a chip on the motherboard and works without the hard disk. Since this virus infects the BIOS, formatting the hard disk cannot remove it.


Virus transmission
The virus is bundled with a game plug-in that tricks users into turning off their security software before the attack begins.



Symptoms of infection

1. Before Windows starts, the words "Find it OK!" appear on the screen;
2. Anti-virus software repeatedly reports a "hard disk boot sector virus" that cannot be completely removed;
3. The browser home page is changed to http://10554.new93.com/index.htm

Technical analysis of the BMW virus:
The body of the BMW virus is divided into three parts, covering the BIOS, the MBR and Windows; the original post illustrated the attack process with a diagram.
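The second symptom above (the boot-sector virus that keeps coming back after cleaning) is what a BIOS-resident component rewriting the MBR looks like from the disk's side. The following is an added example, not code from the original post or from 360: a small MBR parser and integrity check in C that baselines the 446-byte bootstrap region, reads the partition table, and flags a sector whose boot code no longer matches the baseline or whose 0x55AA signature is broken. The 512-byte sample sector is constructed inline, with filler bytes instead of real boot code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE     512
#define BOOTSTRAP_SIZE  446   /* bytes 0..445 hold the boot code */
#define PART_TABLE_OFF  446   /* four 16-byte partition entries follow */
#define PART_ENTRY_SIZE 16
#define SIG_OFF         510   /* 0x55 0xAA boot signature */

enum { MBR_OK = 0, MBR_BAD_SIGNATURE = 1, MBR_BOOTSTRAP_CHANGED = 2 };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

bool mbr_signature_ok(const uint8_t *sec)
{
    return sec[SIG_OFF] == 0x55 && sec[SIG_OFF + 1] == 0xAA;
}

/* FNV-1a over the bootstrap region only: the partition table may change
 * legitimately, but the boot code should stay fixed between OS updates. */
uint32_t mbr_bootstrap_hash(const uint8_t *sec)
{
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < BOOTSTRAP_SIZE; i++) {
        h ^= sec[i];
        h *= 0x01000193u;
    }
    return h;
}

uint8_t  mbr_partition_type(const uint8_t *sec, int idx)    { return sec[PART_TABLE_OFF + idx * PART_ENTRY_SIZE + 4]; }
uint32_t mbr_partition_lba(const uint8_t *sec, int idx)     { return rd_le32(sec + PART_TABLE_OFF + idx * PART_ENTRY_SIZE + 8); }
uint32_t mbr_partition_sectors(const uint8_t *sec, int idx) { return rd_le32(sec + PART_TABLE_OFF + idx * PART_ENTRY_SIZE + 12); }

/* Compare a freshly read sector against a baseline hash taken from a known
 * clean state. A boot-code change that reappears after every cleaning points
 * at something re-writing the MBR from outside the disk, as described above. */
int mbr_check(const uint8_t *sec, uint32_t baseline_bootstrap_hash)
{
    if (!mbr_signature_ok(sec)) return MBR_BAD_SIGNATURE;
    if (mbr_bootstrap_hash(sec) != baseline_bootstrap_hash) return MBR_BOOTSTRAP_CHANGED;
    return MBR_OK;
}

/* Constructed sample sector: filler bytes where boot code would be, one
 * NTFS partition starting at LBA 2048, and a valid signature. */
void build_sample_mbr(uint8_t *sec)
{
    memset(sec, 0, SECTOR_SIZE);
    for (int i = 0; i < BOOTSTRAP_SIZE; i++)
        sec[i] = (uint8_t)(0x90 ^ (i * 7));   /* filler pattern, not real boot code */
    uint8_t *e = sec + PART_TABLE_OFF;
    e[0] = 0x80;                     /* active/bootable flag */
    e[4] = 0x07;                     /* partition type: NTFS/exFAT */
    wr_le32(e + 8, 2048);            /* starting LBA */
    wr_le32(e + 12, 0x00100000u);    /* sector count (512 MiB) */
    sec[SIG_OFF] = 0x55;
    sec[SIG_OFF + 1] = 0xAA;
}

/* Self-check: baseline the clean sample, then tamper with one bit of boot
 * code and with the signature. Returns 1 when every case is classified right. */
int mbr_selfcheck(void)
{
    uint8_t sec[SECTOR_SIZE];
    build_sample_mbr(sec);
    uint32_t base = mbr_bootstrap_hash(sec);
    if (mbr_check(sec, base) != MBR_OK) return 0;
    if (mbr_partition_lba(sec, 0) != 2048 || mbr_partition_type(sec, 0) != 0x07) return 0;
    sec[10] ^= 0x01;                          /* one bit of boot code flipped */
    if (mbr_check(sec, base) != MBR_BOOTSTRAP_CHANGED) return 0;
    build_sample_mbr(sec);
    sec[SIG_OFF + 1] = 0x00;                  /* broken signature */
    if (mbr_check(sec, base) != MBR_BAD_SIGNATURE) return 0;
    return 1;
}
```

On a real system the 512 bytes would be read from the first sector of the boot disk (with administrator rights) and the baseline hash stored somewhere the machine itself cannot silently alter; the check tells you that the boot code changed, not what changed it, so a recurring change after a clean rewrite is the signal worth escalating.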


Prevention and virus removal
If you are a 360 user, your system is protected against the BMW virus: it cannot infect the motherboard BIOS chip or the hard disk MBR.

If you turned off your security software and have been infected with BMW, you can download the 360 "BMW virus Zhuanshagongju" (dedicated removal tool), which detects the virus in the BIOS and prevents the virus code from being written back to the MBR; then use the 360 First Aid Kit to repair the system, which effectively prevents the virus from recurring.
Download: http://bbs.360.cn/4005462/251088932.html
The page above explains clearly how to remove the virus.