TechAmok - Hacking Team Used UEFI BIOS Rootkits [briefly]
12:54 PM EDT - Jul,15 2015

Hacking Team has not only developed exploits for software flaws, but also uses a Unified Extensible Firmware Interface (UEFI) BIOS rootkit to keep its Remote Control System (RCS) agent installed on targets' systems. Persistence at this level means that even if the victim formats the hard drive, buys a new one or reinstalls Windows, the tools are implanted again at the next boot and resume their tasks. The rootkit was primarily designed for Insyde BIOS (Insyde is a popular BIOS vendor for laptops), but Trend Micro speculates that the code is likely to work on AMI BIOS as well. A slideshow produced by Hacking Team, viewable through the leaked emails, claims that infection requires physical access to the target machine. With that access, the attacker reboots the system into the UEFI shell, dumps the BIOS, installs the rootkit, reflashes the BIOS and reboots once more to complete the installation. The files have to be copied from an external source, such as a USB key loaded with the UEFI shell. As the researchers explain:
"Three modules are first copied from an external source [..] to a file volume (FV) in the modified UEFI BIOS. Ntfs.mod allows UEFI BIOS to read/write NTFS files. Rkloader.mod then hooks the UEFI event and calls the dropper function when the system boots.

The filedropper.mod contains the actual agents, which have the file names scout.exe and soldier.exe. This means that when the BIOS rootkit is installed, the existence of the agents is checked each time the system is rebooted."
If the agent is missing, the scout.exe agent is reinstalled. Installation is a tall order, but once the rootkit is in place -- with or without the technical support Hacking Team provided -- standard scrubbing methods, and even replacing the hard drive, simply won't work, because the persistence lives in the firmware flash chip rather than on the disk. While the materials say physical access is needed, Trend Micro's researchers "cannot rule out the possibility of remote installation." The company recommends that users set a BIOS password, enable UEFI SecureFlash (which checks the signature of a firmware image before it is flashed) and update the BIOS when security patches are available to limit the risk of infection. Note that a BIOS password only blocks the described install path through the setup menu and a USB-booted UEFI shell; neither it nor SecureFlash helps against someone who writes the flash chip directly with an external programmer, and neither removes a rootkit that is already present, which only a clean reflash of a known-good image does.
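The practical question for a defender is how to tell whether a dumped BIOS image carries the three modules the researchers name. The scanner below is an added example written for this page; it is not Trend Micro's tool and not code from the leak. It walks the UEFI firmware volumes in a dump, follows nested volume sections and EDK2 LZMA-compressed sections (the layout Insyde and AMI images use for their DXE drivers), and reports every FFS file whose UI-section name matches a watch list seeded with "Ntfs", "rkloader" and "filedropper". The sample image, its file GUIDs and the other driver names are constructed for the demo, and the watch list matches on names only, so a module renamed by the attacker would be missed; on a real dump, use it alongside UEFITool or chipsec, which also handle Tiano compression and FFS3 large files that this scanner does not.

```python
"""Added example (not Trend Micro's tool, not code from the leak): scan a BIOS dump
for FFS files whose UI name is on a watch list. Follows nested FV image sections and
EDK2 LZMA GUID-defined sections (where Insyde/AMI images keep their DXE drivers).
Not handled: Tiano compression, FFS3 large files/sections (size 0xFFFFFF), checksums."""
import lzma
import struct
import uuid

FV_SIG = b"_FVH"                                               # EFI_FIRMWARE_VOLUME_HEADER.Signature, offset 40
FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID
LZMA_GUID = uuid.UUID("EE4E5898-3914-4259-9D6E-DC7BD79403CF")  # EDK2 LzmaCustomDecompressGuid
SEC_GUID_DEFINED, SEC_PE32, SEC_UI, SEC_FV_IMAGE = 0x02, 0x10, 0x15, 0x17
FILE_DRIVER, FILE_FV_IMAGE, FILE_PAD = 0x07, 0x0B, 0xF0
WATCH_LIST = ("ntfs", "rkloader", "filedropper")               # module names quoted in the write-up


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def iter_fvs(blob):
    """Yield (offset, volume_bytes) for each '_FVH' volume; volumes nested in one already yielded are skipped."""
    pos = 0
    while (sig := blob.find(FV_SIG, pos)) >= 0:
        start, pos = sig - 40, sig + 4
        if start < 0 or start + 56 > len(blob):
            continue
        fv_len, = struct.unpack_from("<Q", blob, start + 32)
        hdr_len, = struct.unpack_from("<H", blob, start + 48)
        if 72 <= hdr_len <= fv_len <= len(blob) - start:
            yield start, blob[start:start + fv_len]
            pos = start + fv_len


def iter_files(fv):
    """Yield (guid, file_type, body) for each FFS file; files are 8-byte aligned, 0xFF GUID = erased space."""
    hdr_len, = struct.unpack_from("<H", fv, 48)
    off = _align(hdr_len, 8)
    while off + 24 <= len(fv):
        name = fv[off:off + 16]
        size = int.from_bytes(fv[off + 20:off + 23], "little")
        if name == b"\xff" * 16 or size < 24 or off + size > len(fv):
            return
        yield uuid.UUID(bytes_le=name), fv[off + 18], fv[off + 24:off + size]
        off = _align(off + size, 8)


def iter_sections(body):
    """Yield (section_type, data) for each section in a file body; sections are 4-byte aligned."""
    off = 0
    while off + 4 <= len(body):
        size = int.from_bytes(body[off:off + 3], "little")
        if size < 4 or off + size > len(body):
            return
        yield body[off + 3], body[off + 4:off + size]
        off = _align(off + size, 4)


def find_modules(blob, watch=WATCH_LIST):
    """Return [(fv_offset, file_guid, ui_name)] for every file whose UI name is on the watch list."""
    hits = []
    for fv_off, fv in iter_fvs(blob):
        _scan_fv(fv, fv_off, watch, hits)
    return hits


def _scan_fv(fv, fv_off, watch, hits):
    for guid, ftype, body in iter_files(fv):
        if ftype != FILE_PAD:
            _scan_sections(body, guid, fv_off, watch, hits)


def _scan_sections(body, guid, fv_off, watch, hits):
    for stype, data in iter_sections(body):
        if stype == SEC_UI:                                   # UCS-2 module name, NUL terminated
            name = data.decode("utf-16-le", "replace").rstrip("\x00")
            if name.lower() in watch:
                hits.append((fv_off, str(guid), name))
        elif stype == SEC_FV_IMAGE:                           # nested, uncompressed volume
            for _, sub in iter_fvs(data):
                _scan_fv(sub, fv_off, watch, hits)
        elif stype == SEC_GUID_DEFINED:
            sec_guid = uuid.UUID(bytes_le=data[:16])
            data_off, = struct.unpack_from("<H", data, 16)    # DataOffset counts from the section header
            if sec_guid == LZMA_GUID and data_off >= 24:
                try:
                    inner = lzma.decompress(data[data_off - 4:], format=lzma.FORMAT_ALONE)
                except lzma.LZMAError:
                    continue
                _scan_sections(inner, guid, fv_off, watch, hits)  # payload is itself a section stream


# --- constructed sample image (not a real dump); GUIDs and names other than the three are made up ---
def _section(stype, payload):
    return (4 + len(payload)).to_bytes(3, "little") + bytes([stype]) + payload

def _pad(buf, a, fill):
    return buf + fill * (_align(len(buf), a) - len(buf))

def _ffs_file(guid, ftype, sections):
    body = b""
    for s in sections:
        body = _pad(body, 4, b"\x00") + s
    hdr = guid.bytes_le + b"\x00\x00" + bytes([ftype, 0]) + (24 + len(body)).to_bytes(3, "little") + b"\xf8"
    return hdr + body                                         # IntegrityCheck left 0; not verified above

def _driver(name):
    return _ffs_file(uuid.uuid5(uuid.NAMESPACE_DNS, name), FILE_DRIVER,
                     [_section(SEC_UI, name.encode("utf-16-le") + b"\x00\x00"),
                      _section(SEC_PE32, b"MZ" + b"\x00" * 62)])   # stand-in for the PE32 image

def _fv(files):
    body = b""
    for f in files:
        body = _pad(body, 8, b"\xff") + f
    total = _align(72 + len(body), 0x1000)
    hdr = struct.pack("<16s16sQ4sIHHHBBIIII", b"\x00" * 16, FFS2_GUID.bytes_le, total, FV_SIG,
                      0, 72, 0, 0, 0, 2, total // 0x1000, 0x1000, 0, 0)     # checksum 0; one block-map entry
    return _pad(hdr + body, 0x1000, b"\xff")

def build_sample_image(infected=True):
    """Outer volume: one LZMA-compressed nested DXE volume plus a benign driver, as AMI/Insyde images lay it out."""
    dxe = [_driver("DxeCore"), _driver("UsbBus")]
    if infected:
        dxe += [_driver("Ntfs"), _driver("rkloader"), _driver("filedropper")]
    packed = lzma.compress(_section(SEC_FV_IMAGE, _fv(dxe)), format=lzma.FORMAT_ALONE)
    guided = _section(SEC_GUID_DEFINED, LZMA_GUID.bytes_le + struct.pack("<HH", 24, 0x01) + packed)
    outer = _fv([_ffs_file(uuid.uuid5(uuid.NAMESPACE_DNS, "DxeVolume"), FILE_FV_IMAGE, [guided]),
                 _driver("BootSplash")])
    return b"\xff" * 0x100 + outer                            # leading 0xFF models a descriptor/padding region

SAMPLE_IMAGE = build_sample_image()

if __name__ == "__main__":
    for fv_off, guid, name in find_modules(SAMPLE_IMAGE):
        print(f"FV@0x{fv_off:x}  {guid}  {name}")
```

Run against a real dump by replacing SAMPLE_IMAGE with the bytes read from the flash image; the reported volume offset is where the flash-layout tools will show the same file. Requires Python 3.8 or newer for the assignment expression in iter_fvs.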

