
Resolved Question

Question about possible UEFI/BIOS infection

Nov 24, 2016 4:14PM PST

I have a question regarding the rare malware that infects the BIOS. I currently have a Dell Inspiron laptop that supports UEFI. Since my laptop was left unattended in a hostile environment (although locked with a Windows password), I need to know the risks of a compromised UEFI. The way I see it, the BIOS simply can hold malicious code that it will launch the moment you start your OS. So even if Windows is reinstalled, it is still supposed to launch the attack. Again, I am mentioning that I am talking about possible compromise after PHYSICAL ACCESS, so here are the questions:

1- What are the capabilities of such an infection: what can it do to a freshly reinstalled Windows, and will the antivirus/antimalware programs detect it? Can it be used to spy on my passwords/network traffic without any signs? I found only 1 known malware for UEFI, but it seems to affect only one type, not all? Are you aware of more info about this?

2- Is there any possible way to detect if your UEFI is compromised?

3- If you detect anything, is there a possibility to remove it, or is the machine basically screwed?

Thanks, that is for now!


Best Answer

Let me share a link about a leaked UEFI exploit.
Nov 24, 2016 5:03PM PST
http://www.intelsecurity.com/advanced-threat-research/ht_uefi_rootkit.html_7142015.html

It's a lot to plow through, but to install this one is far from "plug in my Rubber Ducky" for 15 seconds. The rarity of this infection (no, it's not that, it's an installation) is going to be done at a factory when your PC or phone was made.

EXAMPLES?
1. BLU phones http://www.wilderssecurity.com/threads/secret-backdoor-in-some-us-phones-sent-data-to-china.389980/
2. Carrier IQ. This one exploded onto the scene about 5 years ago. It turns out the makers and carriers were just a little too eager to collect data.

The possibility that your PC is UEFI BIOS infected is so low that I would not think further about it.
Good..
Nov 24, 2016 5:46PM PST

Perfect information, thanks!