> Seriously, even good old BIOS is susceptible to rootkits, there have been tons of them.

To my understanding, the limitations of the old BIOS world would've made it much harder to hack on it other than maybe enabling hidden menus. Were there? I couldn't find anything, but then again Google is garbage nowadays if you want to find older stuff.

You can probably write a relatively portable rootkit that works across a plethora of different mainboards and chipsets. The UEFI world is so much larger, more powerful and already offers plenty of abstractions and services.

If you were handed the UEFI implementation codebase like a new hire, how long would it take to figure out this potential codepath? A couple of days?

Now if you were handed only the binaries, and left to objdump them etc., how long? Evidently there are symbol names, since the article uses those. So hopefully no more than an extra order of magnitude: a couple of weeks, maybe a full month if my manager's asking for a deadline and I want to be conservative?

Also, think about where/how they hooked: it sounds like they hooked at the equivalent of an interface boundary, where it's easiest to inject a new implementation. But then they have to check the return address to know where in the larger scope of the process they currently are: if you had access to the codebase and build tools, why wouldn't you patch your exploit into the code more directly and just rebuild it? Why abuse the return address like that?

There are lots of competent engineers out there capable of reverse engineering a UEFI implementation. I don't mean to say it's not impressive, but it's not magic.

I wonder why more computers don't use the simple boot model that devices like the Raspberry Pi use. From what I've heard, the RPi is effectively immune from persistent malware. Firmware can't be modified, and while the second-stage bootloader can be flashed in the RPi 4, the first-stage bootloader can't be modified. What this basically means is that no matter what infects your Pi, you can always just replace the SD card and restore it to a clean state.

In contrast, I've heard so much news about how USB firmware can get reprogrammed, how PC malware can survive BIOS reflashing, how malware can live in external drive firmware, etc. Of course, if there's a bug in the RasPi firmware, it also can't be fixed, but the attack surface is so small I'm willing to make the trade-off (and buy a new Pi if it comes to light).

I can't help but wonder just how utterly compromised we all are, and won't know it until many years down the line. USB-C 3.0+ cables all need chips inside them for negotiating USB-PD, among other things. Imagine what could be done with an infected USB-C cable. Yes, of course, keyloggers are possible (that's been done plenty in the past with regular old USB-A 2.0), but think about one of USB-C's common applications: docking stations. If you hooked up your laptop to a docking station with a malicious USB-C cable and you had Ethernet, an external monitor, and a keyboard plugged into the dock, you would basically be giving an attacker a VNC session. It could scoop up everything you type, everything on your screen, and communicate via a connection that is entirely transparent to the OS.

At that point, your only hope is a firewall flagging the connection; otherwise you'll be completely oblivious to the ongoing surveillance. And it could compromise a network connection to insert a malicious payload into a file you're downloading, just to make the surveillance persistent when you're not plugged in.