SoylentNews is people
SoylentNews
The Snowden leaks have taught us much about the tactics employed by the NSA and GCHQ, from brazen malware attacks to more esoteric dark arts, such as infecting low-level pieces of computer code. Correspondingly, research into more surreptitious activities targeting the guts of modern systems has often been overshadowed by studies of more obvious attacks. Yet such high-tech techniques pose a more severe risk. They can, for instance, allow agencies to spy on Tails, the Linux-based secure operating system favored by Snowden. And they're not as difficult to exercise as many would imagine. They can totally obliterate the privacy of even the most careful computer user.
That will be the message of Corey Kallenberg and Xeno Kovah when they present research on easy-to-find BIOS-level vulnerabilities at the CanSecWest conference in Vancouver this week. BIOS firmware is the first software to run when a PC is switched on. It checks hardware and starts the load process for the operating system. Attackers who can get their code running at that level, usually installing a malware known as a rootkit, will be able to avoid most security detections systems, which tend to work at the operating system level, not below it. To get malicious tools running in the BIOS, however, the attacker will first have to hack their way to getting administrator privileges on a PC, through something like an Internet Explorer exploit, and then find some BIOS vulnerabilities to hack away at. The first part happens across the web every day, but the second part, the so-called "post-exploitation" phase, is considered the domain of highly-sophisticated hackers, such as the NSA or GCHQ, and extremely tricky to pull off.
But Kallenberg and Kovah have created a tool that automates the identification and exploitation of BIOS bugs, a number of which they will detail at CanSecWest. Using their own bespoke malware, they have repeatedly been able to gain access to System Management Mode (SMM), a part of the computer used by firmware that's entirely separate from other processes, but can read everything going through a machine's memory.
"Once the payload is delivered, we have an agent running in SMM," said Kallenberg during a demo session with FORBES. "The thing about SMM is that it runs independent of the operating system, the operating system has no visibility into system management mode, it's a protected region that can't be read or written by the OS – Tails can't read or write to it – but it has access to all of memory."
(Score: 1, Insightful) by Anonymous Coward on Monday August 24 2015, @12:51AM
I figured I'd put Snowden's name in the title so that everyone will look at my post and up-mod it. I did stop short of saying it three times in a row, because, well, YOU know...
This story has jack shit to do with Snowden, but let's drop the name a bunch of times and maybe people will click on it.
(Score: 0) by Anonymous Coward on Tuesday August 25 2015, @04:12PM
What the article was pointing out was that even an OS setup to be more secure like TAILS can succumb to serious faults. Not everything is written by/for the government/military and is often dumbed down to explain it better to everyday users and those who may feel invincible by using TAILS.