Stories
Slash Boxes
Comments

SoylentNews is people

Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes

posted by janrinok on Saturday August 11 2018, @10:03PM   Printer-friendly
from the who-watches-your-laptop-when-you-are-in-the-shower? dept.

MrPlow writes:

Submitted via IRC for SoyCow1984

Hacker lore is littered with tales of mysterious attackers breaking into hotels—perhaps at a conference—to get their hands on someone’s laptop with the goal of installing malware on it by physically connecting to the machine. That’s why the more careful hackers never leave their laptops unattended at events, or bring disposable computers with little to nothing valuable on them.

These types of attacks are called evil maid attacks in the infosec world, because the imaginary attacker is someone who has access to your room and malicious intentions. Pwning a laptop via physical access is a true and tested method to hack someone. But there’s no better way to be reminded of how effective and sometimes effortless these attacks can be than an actual demo.

In early July, security firm Eclypsium posted a video showing how Mickey Shkatov, one of its researchers, hacks into a laptop by opening it up, connecting a device directly to the chip that contains the BIOS, and installing malicious firmware on it—all in just over four minutes. That easy. (In some cases hackers don’t even need to open up the laptop).

“Physical attacks are hard to defend against and most people aren’t doing anything to defend against them,” John Loucaides, Eclypsium’s vice president of engineering, told me. “It’s not that hard of a attack to pull of as most people think. It takes less time and less effort than most people realize.”

[...] The good news is that while it’s relatively easy to hack a laptop once you get your hands on it, it’s all the work that is required to get there (monitoring a target to see where they live or are sleeping, breaking into their room, etc) makes these attacks likely rare.

Source: https://motherboard.vice.com/en_us/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes

Original Submission

 
This discussion has been archived. No new comments can be posted.
Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday August 12 2018, @07:42PM

    by Anonymous Coward on Sunday August 12 2018, @07:42PM (#720658)

    A winrar is you. There is one problem though: usually, an evil maid attack is a targeted affair for a reason. You a) want to make sure you get something valuable out of it when you take the risk of committing a crime in meatspace with no VPN or proxy to disguise who or where you are and b) you don't want to burn your zero-days on someone who's paranoid enough because they're aware of such risks and if not capable of analyzing the machine themselves, might pass it to someone who can.

    What do you gain from pwning rando deadbeats on ebay with incalculable risk of getting rid of your prized exploits but getting nothing in return?

    BTW, did it occur to you that you are also giving out your real identity to the buyer? You might just as well sign your trojan in blood.