Rooting into the BIOS

Message

#1 Post by **GomJabbar** » Sat Apr 18, 2009 9:15 am

Saw this news link posted on another forum.

New Bios attack renders anti-virus useless

FYI, the ThinkPad BIOS menu has an option to not allow the BIOS to be flashed. I think I'll be selecting that option soon.

Tõnis · #2 Post by **Tõnis** » Sat Apr 18, 2009 9:21 am

GomJabbar wrote:FYI, the ThinkPad BIOS menu has an option to not allow the BIOS to be flashed. I think I'll be selecting that option soon.

If you could, please explain how to access that setting (exactly where it's located) and how to change it. Also, are there any negative ramifications of selecting that setting? (for example, will it make it more difficult to recover from a crash, etc.?

#3 Post by **GomJabbar** » Sat Apr 18, 2009 9:44 am

I don't see a BIOS simulator for the R61, but here is one for the R60 (I guess they're similar).
http://www-307.ibm.com/pc/support/site. ... MIGR-65602

Press F1 at the beginning of the boot sequence to enter the BIOS setup menu. Once in the BIOS menu, click on Security > BIOS Update Option > Enter > Disabled > F10.

#4 Post by **bill bolton** » Sat Apr 18, 2009 9:51 pm

GomJabbar wrote:New Bios attack renders anti-virus useless

For a start see this 2006 citation http://www.securityfocus.com/news/11372?ref=rss

BIOS rootkits haven't taken over the world, so this latest pronouncement by researchers at a security service vendor seems very much like a general beating of the gongs to scare the natives into buying more charms from the shamans

Anyway, if you want to read some more about what the shamans are saying, see here.... http://www.coresecurity.com/files/attac ... West09.pdf

Anibal Sacco wrote:The only drawback is that injecting the malicious code by patching the BIOS requires root privileges on or physical access to the system.

Cheers,

Bill B.

#5 Post by **GomJabbar** » Sat Apr 18, 2009 10:57 pm

bill bolton wrote:BIOS rootkits haven't taken over the world

No, but better forewarned and forearmed. On ThinkPads, the solution is quite simple for end users. Other PC's may require access to the motherboard to set a jumper - still, generally not that big a deal.

Anibal Sacco wrote:The only drawback is that injecting the malicious code by patching the BIOS requires root privileges on or physical access to the system.

With so many XP users regularly accessing the internet from an Administrator account, and so many Vista users doing the same with UAC turned off, root privileges are often readily accessible to malware attacks. I don't operate my PC's that way.

Tõnis · #6 Post by **Tõnis** » Sun Apr 19, 2009 11:15 am

GomJabbar wrote:Press F1 at the beginning of the boot sequence to enter the BIOS setup menu. Once in the BIOS menu, click on Security > BIOS Update Option > Enter > Disabled > F10.

Thank you! But will a layman end user like myself experience any negative consequence(s) if I do this? For example, will I still be able to reload my operating system from the Lenovo partition if necessary? Will anything important lose functionality? Is there anything I should be aware of? (I don't plan on updating my BIOS or anything like that). Does my security chip have to be enabled (I don't think mine is ...)? Sorry for the ignorant-sounding questions; my understanding is definitely limited, but I would like to protect the notebook's BIOS from malware and viruses with this seemingly simple method.

#7 Post by **GomJabbar** » Sun Apr 19, 2009 11:23 am

Disabling the BIOS Update Option will not affect anything except the ability to flash the BIOS. You can always change the setting back if you want to flash the BIOS at a later date.

Tõnis · #8 Post by **Tõnis** » Sun Apr 19, 2009 11:25 am

Thank you!

Tõnis

Rooting into the BIOS

Rooting into the BIOS

Re: Rooting into the BIOS

Re: Rooting into the BIOS

Re: Rooting into the BIOS

Re: Rooting into the BIOS

Re: Rooting into the BIOS

Re: Rooting into the BIOS

Re: Rooting into the BIOS

Who is online