Can a virus destroy the BIOS of a modern computer?
In the late 1990s, a computer virus known as CIH began infecting some computers. Its payload, when triggered, overwrote system information and destroyed the computer's BIOS, essentially bricking whatever computer it infected. Could a virus that affects modern operating systems (like Windows 10) destroy the BIOS of a modern computer and essentially brick it the same way, or is it now impossible for a virus to gain access to a modern computer's BIOS?
malware virus operating-systems bios
3
Why would a virus want to do that? The goal of most modern viruses is to take control of your computer in order to steal information or use it as a zombie machine, generally for some sort of financial gain. Bricking your computer does not benefit the attacker in any way, unless they have some personal beef with you. This is why it's not in the attacker's best interest to do so. Ideally, they infect your machine with no visible indication that they have done so, or they hit you with ransomware of some sort. Killing the computer dead serves no purpose.
– Darrel Hoffman
12 hours ago
8
@DarrelHoffman Let's say you are my competitor, and I want to slow you down; having that kind of virus is a good way, infecting your office network and bricking all your computers and servers... Yes, there is no information loss (as the hard drives are there), but the financial loss of fixing everything plus the downtime of your employees... Maybe not the best way, but to say that it "serves no purpose" is to think too little.
– Omar Martinez
12 hours ago
2
@OmarMartinez And I would classify that under "attacker has a personal beef with you". You're now looking at a focused attack on a specific target, not just a virus that randomly spreads to wherever it can the way most do. Admittedly "serves no purpose" might've been overstepping a bit. But it's still not the way that typical viruses operate.
– Darrel Hoffman
12 hours ago
2
@DarrelHoffman while viruses now are generally as you say, done for financial gain, I'm sure there's still plenty of unpleasant people out there simply interested in mayhem and chaos, and there definitely was in the past. e.g. SQL Slammer didn't do anything really, except propagate itself.
– mbrig
12 hours ago
5
@DarrellHoffman I think you're underestimating the human capacity for random acts of malice
– barbecue
10 hours ago
asked 22 hours ago by user73910, edited 22 hours ago
5 Answers
Modern computers don't have a BIOS; they have a UEFI. Updating the UEFI firmware from the running operating system is a standard procedure, so any malware which manages to get executed on the operating system with sufficient privileges could attempt to do the same. However, most UEFIs will not accept an update which isn't digitally signed by the manufacturer. That means it should not be possible to overwrite it with arbitrary code.
This, however, assumes that:
- the mainboard manufacturers manage to keep their private keys secret
- the UEFI doesn't have any unintended security vulnerabilities which allow overwriting it with arbitrary code.
And those two assumptions do not necessarily hold.
Regarding leaked keys: if a UEFI signing key were to become known to the general public, then you can assume that there would be quite a lot of media reporting and hysterical patching going on. If you follow some IT news, you would likely see a lot of alarmist "If you have a [brand] mainboard UPDATE YOUR UEFI NOW!!!1111oneone" headlines. But another possibility is signing keys secretly leaked to state actors. So if your work might be interesting for industrial espionage, then this might also be a credible threat for you.
Regarding bugs: UEFIs gain more and more functionality, which has more and more possibilities for hidden bugs. They also lack most of the internal security features you have after you have booted a "real" operating system.
answered 21 hours ago by Philipp, edited 2 hours ago by forest
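The verify-before-flash logic this answer describes, and what changes when its first assumption (a secret vendor key) fails, as an added Go model; this is not code from the post or from any real UEFI implementation, and the capsule layout, the Ed25519 key and the "firmware image" byte strings are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Capsule is a constructed model of a vendor firmware update: the image plus a
// signature over its SHA-256 digest. It is not a real UEFI capsule format.
type Capsule struct {
	Image     []byte
	Signature []byte
}

// Vendor is the mainboard manufacturer. The private key is the secret that the
// answer's first assumption depends on.
type Vendor struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewVendor generates a fresh vendor signing key pair.
func NewVendor() (*Vendor, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Vendor{Pub: pub, priv: priv}, nil
}

// Sign produces a capsule the firmware will accept.
func (v *Vendor) Sign(image []byte) Capsule {
	d := sha256.Sum256(image)
	return Capsule{Image: image, Signature: ed25519.Sign(v.priv, d[:])}
}

// Firmware models the update handler inside the UEFI. It trusts exactly one
// public key, fixed at manufacture time, and refuses everything else.
type Firmware struct {
	trusted ed25519.PublicKey
	Current []byte
}

// ErrUnsigned is returned for any capsule whose signature does not verify.
var ErrUnsigned = errors.New("capsule rejected: signature does not verify against the vendor key")

// ApplyUpdate is the check the answer describes: verify, then flash.
func (f *Firmware) ApplyUpdate(c Capsule) error {
	d := sha256.Sum256(c.Image)
	if len(c.Signature) != ed25519.SignatureSize || !ed25519.Verify(f.trusted, d[:], c.Signature) {
		return ErrUnsigned // nothing is written on a failed check
	}
	f.Current = append([]byte(nil), c.Image...)
	return nil
}

// Scenario runs the cases from the answer and reports which updates were
// flashed. The images are constructed byte strings, not real firmware.
func Scenario() (map[string]bool, error) {
	vendor, err := NewVendor()
	if err != nil {
		return nil, err
	}
	fw := &Firmware{trusted: vendor.Pub, Current: []byte("fw-v1.0")}
	accepted := map[string]bool{}
	try := func(name string, c Capsule) { accepted[name] = fw.ApplyUpdate(c) == nil }

	// 1. Genuine vendor update: accepted.
	try("genuine", vendor.Sign([]byte("fw-v1.1")))

	// 2. Genuine capsule whose image was modified after signing: rejected,
	//    because the signature no longer matches the digest.
	tampered := vendor.Sign([]byte("fw-v1.1"))
	tampered.Image = append([]byte(nil), tampered.Image...)
	tampered.Image[0] ^= 0xff
	try("tampered", tampered)

	// 3. Arbitrary image with no valid signature: rejected.
	try("unsigned", Capsule{Image: []byte("not-vendor-code")})

	// 4. First assumption fails: someone other than the vendor holds the
	//    private key. Their capsule is indistinguishable from a genuine one.
	keyHolder := &Vendor{Pub: vendor.Pub, priv: vendor.priv}
	try("leaked-key", keyHolder.Sign([]byte("not-vendor-code")))

	return accepted, nil
}

func main() {
	res, err := Scenario()
	if err != nil {
		panic(err)
	}
	for _, k := range []string{"genuine", "tampered", "unsigned", "leaked-key"} {
		fmt.Printf("%-11s accepted=%v\n", k, res[k])
	}
}
```

The second assumption (a flaw in the update handler itself) is the case the model cannot show: if ApplyUpdate has a bug, the key never matters.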
3
Suggestion: "And you can not necessarily assume that these two assumptions are true." --> "And those two assumptions do not necessarily hold." (Just reads very awkwardly as is.)
– jpmc26
14 hours ago
2
@jpmc26 English is not my first language, so if you say so...
– Philipp
14 hours ago
7
1) UEFI is a subtype of BIOS. 2) If an attacker can get physical access to your computer, they don't need to be able to sign their BIOS malware; they can simply desolder the chip from the motherboard and forcibly overwrite the data contained therein.
– Sean
13 hours ago
I have vague memories of the Linux kernel (or maybe just a common UEFI utility on Linux?) deciding to block access to certain UEFI settings because incorrect writes could brick the motherboard. I might be mixing up stories though.
– mbrig
12 hours ago
2
@mbrig - It was the opposite. Systemd mounted some EFI variables as R/W by default, and then rm -rf / --no-preserve-root would clobber them, which bricked some poorly implemented motherboards. In predictable SystemD fashion, they then handled the issue extremely badly.
– Fake Name
7 hours ago
Yes, it is definitely possible.
Nowadays, with UEFI becoming widespread, it is even more of a concern: UEFI has a much larger attack surface than a traditional BIOS, and a (potential) flaw in UEFI could be leveraged to gain access to a machine without having any kind of physical access (as demonstrated by the people at Eclypsium at Black Hat last year).
Practically speaking, a virus is software, so can do anything that any other software can do.
So the simple answer to this question, and to all others of the class "Can viruses do X?", is to ask "Does software currently do X?"
Such questions might include "can a virus walk my dog?" (not without a dog-walking robot); "Can a virus get me pizza?" (yes: this is regrettably not the main focus of most virus authors, however).
Are BIOSes (UEFI) currently updated using software? The answer is, yes they are. Mine updated last night, when I rebooted.
And so the answer is yes.
By the same logic, viruses can also cause (and historically have caused) physical damage to your CPU, hard drives, and printers.
Home automation systems and driverless vehicles are also possible targets for physical damage, but I know of no viruses which have done so.
1
I wouldn't mind much if my personal information was used by malware developers to order me free pizza and nothing else. (+1 for useful reasoning)
– Marc.2377
6 hours ago
1
@Marc.2377, I would not mind much if your personal information was used to order me free pizza… :-)
– sleblanc
2 hours ago
Your question hints at a deeper subject, which is rings and permissions of code on an operating system. On MS-DOS the code could do whatever it wanted. If the code wanted to write all 0x00's to a hard drive, it could; if it wanted to send strange output to a piece of hardware, it could also; there was nothing stopping the user's code. On a modern OS there is a concept of rings (this is enforced by the CPU). The kernel runs in ring zero and it can do whatever it wants. The user's code, on the other hand, cannot. It runs in something called ring 3 and is given its own little piece of memory; inside of that memory it can do whatever it wants, but it cannot directly talk to hardware. If the user's code tries to talk to hardware, then the kernel immediately kills the program. This means that it is highly unlikely that a regular virus can kill hardware, because it cannot talk to it directly.
If the kernel is hacked, then the game is basically over. The kernel can do whatever it wants and a whole host of bad things can happen, such as overclocking the CPU to a point where the hardware is unstable, wiping the hard drives (filling them with zeros, for example), or pretty much any other plausible attack.
1
"If the user's code tries to talk to hardware then the kernel immediately kills the program" - Really? Can you provide a citation for that? I thought the protected instruction would simply fail and it's up to the program to deal with that reasonably or crash.
– Marc.2377
6 hours ago
Potentially. It would be hard to do however, as it would more than likely have to masquerade as a legit BIOS update somewhere down the line. The method to do so will change depending on your mobo but chances are it would have to involve the leaking of private or hardware keys or other secrets.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
user73910 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206606%2fcan-a-virus-destroy-the-bios-of-a-modern-computer%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
Modern computers don't have a BIOS, they have a UEFI. Updating the UEFI firmware from the running operating system is a standard procedure, so any malware which manages to get executed on the operating system with sufficient privileges could attempt to do the same. However, most UEFIs will not accept an update which isn't digitally signed by the manufacturer. That means it should not be possible to overwrite it with arbitrary code.
This, however, assumes that:
- the mainboard manufacturers manage to keep their private keys secret
- the UEFI doesn't have any unintended security vulnerabilities which allow overwriting it with arbitrary code.
And those two assumptions do not necessarily hold.
Regarding leaked keys: if a UEFI signing key were to become known to the general public, then you can assume that there would be quite a lot of media reporting and hysterical patching going on. If you follow some IT news, you would likely see a lot of alarmist "If you have a [brand] mainboard UPDATE YOUR UEFI NOW!!!1111oneone" headlines. But another possibility is signing keys secretly leaked to state actors. So if your work might be interesting for industrial espionage, then this might also be a credible threat for you.
Regarding bugs: UEFIs gain more and more functionality which has more and more possibilities for hidden bugs. They also lack most of the internal security features you have after you have booted a "real" operating system.
3
Suggestion: "And you can not necessarily assume that these two assumptions are true." --> "And those two assumptions do not necessarily hold." (Just reads very awkwardly as is.)
– jpmc26
14 hours ago
2
@jpmc26 English is not my first language, so if you say so...
– Philipp
14 hours ago
7
1) UEFI is a subtype of BIOS. 2) If an attacker can get physical access to your computer, they don't need to be able to sign their BIOS malware; they can simply desolder the chip from the motherboard and forcibly overwrite the data contained therein.
– Sean
13 hours ago
I have vague memories of the linux kernel (or maybe just a common UEFI utility on linux?) deciding to block access to certain UEFI settings because incorrect writes could brick the motherboard. I might be mixing up stores though.
– mbrig
12 hours ago
2
@mbrig - It was the opposite. Systemd mounted some EFI variables as R/W by default, and thenrm -rf / --no-preserve-root
would clobber them, which bricked some poorly implemented motherboards. In predictable SystemD fashion, they then handled the issue extremely badly.
– Fake Name
7 hours ago
|
show 1 more comment
Modern computers don't have a BIOS, they have a UEFI. Updating the UEFI firmware from the running operating system is a standard procedure, so any malware which manages to get executed on the operating system with sufficient privileges could attempt to do the same. However, most UEFIs will not accept an update which isn't digitally signed by the manufacturer. That means it should not be possible to overwrite it with arbitrary code.
This, however, assumes that:
- the mainboard manufacturers manage to keep their private keys secret
- the UEFI doesn't have any unintended security vulnerabilities which allow overwriting it with arbitrary code.
And those two assumptions do not necessarily hold.
Regarding leaked keys: if a UEFI signing key were to become known to the general public, then you can assume that there would be quite a lot of media reporting and hysterical patching going on. If you follow some IT news, you would likely see a lot of alarmist "If you have a [brand] mainboard UPDATE YOUR UEFI NOW!!!1111oneone" headlines. But another possibility is signing keys secretly leaked to state actors. So if your work might be interesting for industrial espionage, then this might also be a credible threat for you.
Regarding bugs: UEFIs gain more and more functionality which has more and more possibilities for hidden bugs. They also lack most of the internal security features you have after you have booted a "real" operating system.
3
Suggestion: "And you can not necessarily assume that these two assumptions are true." --> "And those two assumptions do not necessarily hold." (Just reads very awkwardly as is.)
– jpmc26
14 hours ago
2
@jpmc26 English is not my first language, so if you say so...
– Philipp
14 hours ago
7
1) UEFI is a subtype of BIOS. 2) If an attacker can get physical access to your computer, they don't need to be able to sign their BIOS malware; they can simply desolder the chip from the motherboard and forcibly overwrite the data contained therein.
– Sean
13 hours ago
I have vague memories of the linux kernel (or maybe just a common UEFI utility on linux?) deciding to block access to certain UEFI settings because incorrect writes could brick the motherboard. I might be mixing up stores though.
– mbrig
12 hours ago
2
@mbrig - It was the opposite. Systemd mounted some EFI variables as R/W by default, and thenrm -rf / --no-preserve-root
would clobber them, which bricked some poorly implemented motherboards. In predictable SystemD fashion, they then handled the issue extremely badly.
– Fake Name
7 hours ago
|
show 1 more comment
Modern computers don't have a BIOS, they have a UEFI. Updating the UEFI firmware from the running operating system is a standard procedure, so any malware which manages to get executed on the operating system with sufficient privileges could attempt to do the same. However, most UEFIs will not accept an update which isn't digitally signed by the manufacturer. That means it should not be possible to overwrite it with arbitrary code.
This, however, assumes that:
- the mainboard manufacturers manage to keep their private keys secret
- the UEFI doesn't have any unintended security vulnerabilities which allow overwriting it with arbitrary code.
And those two assumptions do not necessarily hold.
Regarding leaked keys: if a UEFI signing key were to become known to the general public, then you can assume that there would be quite a lot of media reporting and hysterical patching going on. If you follow some IT news, you would likely see a lot of alarmist "If you have a [brand] mainboard UPDATE YOUR UEFI NOW!!!1111oneone" headlines. But another possibility is signing keys secretly leaked to state actors. So if your work might be interesting for industrial espionage, then this might also be a credible threat for you.
Regarding bugs: UEFIs gain more and more functionality which has more and more possibilities for hidden bugs. They also lack most of the internal security features you have after you have booted a "real" operating system.
Modern computers don't have a BIOS, they have a UEFI. Updating the UEFI firmware from the running operating system is a standard procedure, so any malware which manages to get executed on the operating system with sufficient privileges could attempt to do the same. However, most UEFIs will not accept an update which isn't digitally signed by the manufacturer. That means it should not be possible to overwrite it with arbitrary code.
This, however, assumes that:
- the mainboard manufacturers manage to keep their private keys secret
- the UEFI doesn't have any unintended security vulnerabilities which allow overwriting it with arbitrary code.
And those two assumptions do not necessarily hold.
Regarding leaked keys: if a UEFI signing key were to become known to the general public, then you can assume that there would be quite a lot of media reporting and hysterical patching going on. If you follow some IT news, you would likely see a lot of alarmist "If you have a [brand] mainboard UPDATE YOUR UEFI NOW!!!1111oneone" headlines. But another possibility is signing keys secretly leaked to state actors. So if your work might be interesting for industrial espionage, then this might also be a credible threat for you.
Regarding bugs: UEFIs gain more and more functionality which has more and more possibilities for hidden bugs. They also lack most of the internal security features you have after you have booted a "real" operating system.
edited 2 hours ago
forest
39.2k18127139
39.2k18127139
answered 21 hours ago
PhilippPhilipp
44.7k7113141
44.7k7113141
3
Suggestion: "And you can not necessarily assume that these two assumptions are true." --> "And those two assumptions do not necessarily hold." (Just reads very awkwardly as is.)
– jpmc26
14 hours ago
2
@jpmc26 English is not my first language, so if you say so...
– Philipp
14 hours ago
7
1) UEFI is a subtype of BIOS. 2) If an attacker can get physical access to your computer, they don't need to be able to sign their BIOS malware; they can simply desolder the chip from the motherboard and forcibly overwrite the data contained therein.
– Sean
13 hours ago
I have vague memories of the linux kernel (or maybe just a common UEFI utility on linux?) deciding to block access to certain UEFI settings because incorrect writes could brick the motherboard. I might be mixing up stores though.
– mbrig
12 hours ago
2
@mbrig - It was the opposite. Systemd mounted some EFI variables as R/W by default, and thenrm -rf / --no-preserve-root
would clobber them, which bricked some poorly implemented motherboards. In predictable SystemD fashion, they then handled the issue extremely badly.
– Fake Name
7 hours ago
Yes, it is definitely possible.
Nowadays, with UEFI becoming widespread, it is even more of a concern: UEFI has a much larger attack surface than traditional BIOS, and a (potential) flaw in UEFI could be leveraged to gain access to a machine without having any kind of physical access (as demonstrated by the people of Eclypsium at Black Hat last year).
answered 21 hours ago by Stephane
Practically speaking, a virus is software, so it can do anything that any other software can do.
So the simple way to answer this question, and all others of the class "Can viruses do X?", is to ask "Does software currently do X?"
Such questions might include "Can a virus walk my dog?" (not without a dog-walking robot); "Can a virus get me pizza?" (yes: this is regrettably not the main focus of most virus authors, however).
Are BIOSes (UEFI) currently updated using software? The answer is yes, they are. Mine updated last night, when I rebooted.
And so the answer is yes.
By the same logic, viruses can also cause (and historically have caused) physical damage to your CPU, hard drives, and printers.
Home automation systems and driverless vehicles are also possible targets for physical damage, but I know of no viruses which have done so.
answered 10 hours ago by Dewi Morgan
1
I wouldn't mind much if my personal information was used by malware developers to order me free pizza and nothing else. (+1 for useful reasoning)
– Marc.2377
6 hours ago
1
@Marc.2377, I would not mind much if your personal information was used to order me free pizza… :-)
– sleblanc
2 hours ago
Your question hints at a deeper subject, which is rings and permissions of code on an operating system. On MS-DOS the code could do whatever it wanted. If the code wanted to write all 0x00s to a hard drive, it could; if it wanted to send strange output to a piece of hardware, it could do that too; there was nothing stopping the user's code. On a modern OS there is a concept of rings (this is enforced by the CPU). The kernel runs in ring zero and it can do whatever it wants. The user's code, on the other hand, cannot. It runs in something called ring 3 and is given its own little piece of memory; inside that memory it can do whatever it wants, but it cannot directly talk to hardware. If the user's code tries to talk to hardware then the kernel immediately kills the program. This means that it is highly unlikely that a regular virus can kill hardware, because it cannot talk to it directly.
If the kernel is hacked then the game is basically over. The kernel can do whatever it wants and a whole host of bad things can happen, such as overclocking the CPU to a point where the hardware is unstable, wiping the hard drives (filling them with zeros, for example), or pretty much any other plausible attack.
answered 7 hours ago by scifi6546 (new contributor)
1
"If the user's code tries to talk to hardware then the kernel immediately kills the program" - Really? Can you provide a citation for that? I thought the protected instruction would simply fail and it's up to the program to deal with that reasonably or crash.
– Marc.2377
6 hours ago
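Added example, not code from the original page or from any of the answerers: the answer above ends at "kernel compromised, game over", but on Intel platforms whether ring-0 code can actually rewrite the SPI flash that holds the firmware is decided by chipset lock bits, which is exactly what a firmware-security tool such as chipsec reads out. The decoder below interprets the BIOS_CNTL, HSFS and PR0-PR4 registers with the bit layout from Intel PCH datasheets. Every register value in it is a constructed sample (reading the real ones needs ring-0 access), and the 8 MiB flash with a 4 MiB BIOS region at the top is an assumed layout for the demo.

```python
"""Decode the Intel PCH lock bits that decide whether ring-0 code can rewrite
the SPI flash holding the firmware. Added example; bit layout per Intel PCH
datasheets (BIOS_CNTL, HSFS, PR0-PR4). Every register VALUE here is a
constructed sample: reading real ones needs ring-0 access (chipsec does that)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# BIOS_CNTL (LPC/eSPI bridge config space, offset 0xDC on most PCHs)
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = flash writes to the BIOS region allowed
BLE = 1 << 1       # BIOS Lock Enable: 1 = setting BIOSWE raises an SMI so SMM can veto
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: 1 = writes only honoured while all cores are in SMM
# HSFS (SPI controller MMIO): Flash Configuration Lock-Down, makes PRx read-only
FLOCKDN = 1 << 15


def classify_bios_cntl(bios_cntl: int) -> str:
    """Return how far a ring-0 attacker is from a flash write, given BIOS_CNTL."""
    if bios_cntl & BIOSWE:
        return "writable"   # nothing to bypass: write the flash now
    if not bios_cntl & BLE:
        return "unlocked"   # attacker sets BIOSWE itself; no SMI fires
    if not bios_cntl & SMM_BWP:
        return "race"       # SMI handler clears BIOSWE, but a second core can write
                            # in the window before it runs (the "Speed Racer" race)
    return "locked"         # write path needs SMM code; ring 0 alone is not enough


@dataclass(frozen=True)
class ProtectedRange:
    base: int    # first protected flash byte (inclusive)
    limit: int   # last protected flash byte (inclusive)


def decode_pr(reg: int) -> Optional[ProtectedRange]:
    """Decode one PRx register; None if it does not write-protect anything."""
    if not reg & (1 << 31):           # bit 31 WPE: Write Protection Enable
        return None
    prb = reg & 0x1FFF                # bits 12:0  base, in 4 KiB pages
    prl = (reg >> 16) & 0x1FFF        # bits 28:16 limit, in 4 KiB pages
    return ProtectedRange(prb << 12, (prl << 12) | 0xFFF)


def ranges_cover(ranges: List[ProtectedRange], base: int, limit: int) -> bool:
    """True if the union of ranges covers [base, limit] with no gap."""
    cursor = base
    for r in sorted(ranges, key=lambda r: r.base):
        if r.base > cursor:           # hole before this range
            break
        if r.limit >= cursor:
            cursor = r.limit + 1
        if cursor > limit:
            return True
    return cursor > limit


def bios_region_protected(bios_cntl: int, hsfs: int, pr_regs: List[int],
                          bios_base: int, bios_limit: int) -> Tuple[bool, List[str]]:
    """Protected if either mechanism blocks ring-0 writes; findings list the gaps."""
    findings = []
    verdict = classify_bios_cntl(bios_cntl)
    if verdict != "locked":
        findings.append(f"BIOS_CNTL={bios_cntl:#04x}: {verdict}")
    ranges = [r for r in map(decode_pr, pr_regs) if r is not None]
    pr_ok = bool(hsfs & FLOCKDN) and ranges_cover(ranges, bios_base, bios_limit)
    if not hsfs & FLOCKDN:
        findings.append("FLOCKDN clear: ring 0 can rewrite the PR registers")
    elif not ranges_cover(ranges, bios_base, bios_limit):
        findings.append("PR0-PR4 do not cover the whole BIOS region")
    return verdict == "locked" or pr_ok, findings


# Constructed sample layout: 8 MiB flash, BIOS region in the top 4 MiB.
BIOS_BASE, BIOS_LIMIT = 0x400000, 0x7FFFFF
PR_COVERING_BIOS = (1 << 31) | (0x7FF << 16) | 0x400   # WPE, limit page 0x7FF, base page 0x400

if __name__ == "__main__":
    for cntl, hsfs, prs in [(0x00, 0x0000, [0, 0, 0, 0, 0]),                 # wide open
                            (0x02, 0x0000, [0, 0, 0, 0, 0]),                 # BLE only: racy
                            (0x2A, 0x0000, [0, 0, 0, 0, 0]),                 # BLE + SMM_BWP
                            (0x00, 0x8000, [PR_COVERING_BIOS, 0, 0, 0, 0])]:  # PR + FLOCKDN
        ok, why = bios_region_protected(cntl, hsfs, prs, BIOS_BASE, BIOS_LIMIT)
        print("protected" if ok else "EXPOSED", why)
```

The practical reading: a "locked" BIOS_CNTL, or FLOCKDN set with protected ranges covering the whole BIOS region, means a kernel-level compromise alone cannot reflash the firmware and the attacker needs an SMM bug or physical access to the chip (as the comments above note). Any other combination means the "game over" in this answer extends to the firmware as well, which is why chipsec's bios_wp check is the first thing to run when asking this question about a specific machine.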
Potentially. It would be hard to do however, as it would more than likely have to masquerade as a legit BIOS update somewhere down the line. The method to do so will change depending on your mobo but chances are it would have to involve the leaking of private or hardware keys or other secrets.
answered 21 hours ago by 520
3
Why would a virus want to do that? The goal of most modern viruses is to take control of your computer in order to steal information or use it as a zombie machine, generally for some sort of financial gain. Bricking your computer does not benefit the attacker in any way, unless they have some personal beef with you. This is why it's not in the attacker's best interest to do so. Ideally, they infect your machine with no visible indication that they have done so, or they hit you with ransom-ware of some sort. Killing the computer dead serves no purpose.
– Darrel Hoffman
12 hours ago
8
@DarrelHoffman Let's say you are my competitor and I want to slow you down; having that kind of virus is a good way, infecting your office network and bricking all your computers and servers... Yes, there is no information loss (as the hard drives are there), but the financial loss of fixing everything plus the downtime of your employees... Maybe not the best way, but to say that it "serves no purpose" is to think too little.
– Omar Martinez
12 hours ago
2
@OmarMartinez And I would classify that under "attacker has a personal beef with you". You're now looking at a focused attack on a specific target, not just a virus that randomly spreads to wherever it can the way most do. Admittedly "serves no purpose" might've been overstepping a bit. But it's still not the way that typical viruses operate.
– Darrel Hoffman
12 hours ago
2
@DarrelHoffman while viruses now are generally as you say, done for financial gain, I'm sure there's still plenty of unpleasant people out there simply interested in mayhem and chaos, and there definitely was in the past. e.g. SQL Slammer didn't do anything really, except propagate itself.
– mbrig
12 hours ago
5
@DarrellHoffman I think you're underestimating the human capacity for random acts of malice
– barbecue
10 hours ago