The researchers plan to unveil newly developed concepts that can slyly get past the TPM (Trusted Platform Module) chip and allow it to continue believing that nothing is wrong with the software. The malware can then continue infecting the BIOS even after it has been altered in any way, for example if it has been reset or flashed. Even an update may not be able to secure the software in this case.
How the Malware Gets Passed BIOS
As of now, the BIOS flash chip contains the code required for the system TPM chips to function.They are needed so that the measurement and PCR (Platform Configuration Register) keep the BIOS from being infected. However, affecting this with the malware allows it to manipulate the PCR into changing its value, following an inconsistency between this and the TPM.
Two different malware that are said to be unveiled at Black Hat are now called the “tick” and the “flea” for their abilities to either be stealthy or be able to jump between BIOS revisions. The flea is said to be able to predict a firmware update and hide itself to be a part of the update as well.
Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+
Image courtesy of [Salvatore Vuono, wandee007] / FreeDigitalPhotos.net