Stories
Slash Boxes
Comments

SoylentNews is people

After CIA Leak, Intel Security Releases Detection Tool for EFI Rootkits

posted by Fnord666 on Sunday March 12 2017, @07:08AM   Printer-friendly
from the responded-quickly dept.

MrPlow writes:

Submitted via IRC for chromas

Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.

The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.

The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.

EFI, also known as UEFI (Unified EFI), is the low-level firmware that runs before the operating system and initializes the various hardware components during the system boot process. It's the replacement for the older and much more basic BIOS in modern computers and resembles a mini operating system. It can have hundreds of "programs" for different functions implemented as executable binaries.

A malicious program hidden inside the EFI can inject malicious code into the OS kernel and can restore any malware that has been removed from the computer. This allows rootkits to survive major system updates and even reinstallations.

Source: http://www.pcworld.com/article/3179348/security/after-cia-leak-intel-security-releases-detection-tool-for-efi-rootkits.html

Original Submission

 
This discussion has been archived. No new comments can be posted.
After CIA Leak, Intel Security Releases Detection Tool for EFI Rootkits | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday March 12 2017, @10:17AM

    by Anonymous Coward on Sunday March 12 2017, @10:17AM (#477995)

    Well, the main developer of libreboot Rowe decided to remove libreboot from the GNU project because she claims the FSF fired a person because of their being transgender. Now the libreboot home page contains a banner saying bad things about GNU. The code is the libreboot source code for a free BIOS.

    Computers come with a proprietary BIOS. In addition of the BIOS being very slow to boot up, who knows what it contains. Also, modern BIOSes contain remote management capabilities that allow remote user to do anything at all on the computer, quite independently from any operating system installed, and even if the computer is powered off.

    If I own my computer, I should be allowed to do whatever I please with it. This obviously includes a free BIOS/EFI/whatever.