Researchers: Rootkits headed for BIOS
Robert Lemos, SecurityFocus 2006-01-26

ARLINGTON, Virginia -- Insider attacks and industrial espionage could become more stealthy by hiding malicious code in the core system functions available in a motherboard's flash memory, researchers said on Wednesday at the Black Hat Federal conference.

Researchers: Rootkits headed for BIOS - Jumper for flashing? 2006-01-27
Jim Gorski (2 replies)
Re: Researchers: Rootkits headed for BIOS - Jumper for flashing? 2006-01-27
thejynxed
I know at least on my home systems, whenever I flash the BIOS, it asks for the BIOS administrator password. Installing a rootkit into BIOS would in a lot of cases require the rootkit writer to not only know what operating system, the specific hardware in the system, etc. they have to write the kit for, but also how to crack the algorithms for all of the stored BIOS passwords for the myriad different BIOSes out there, including those that are customized for companies like Dell, Alienware, Falcon, HP, etc. I know OEMs sometimes have "hidden master passwords" built into BIOS, but not always.

It's not impossible, but it would take years of work, and might even be beyond the ken of any single individual or small cracking group. If you ask me, it's all just a bunch of fear-mongering at the current point in time. If anything goes into the wild, the easiest targets of course would be Windows-based computers, because Windows tends to run anything at all without express permission of the user (or even user notification), and at elevated privileges.

Also, if rooted, what would prevent the user from simply disconnecting from the internet, sticking in a clean, write-protected BIOS flash disc and simply reflashing the BIOS back to a known sane and clean BIOS? The rooter changing the password on the BIOS is the only one I can think of. -shrug-

Researchers: Rootkits headed for BIOS 2006-01-27
Bela from VA (1 replies)
It wouldn't be that easy!!! 2006-01-27
janice
Quibble - rootkit for OS X 2006-01-27
Anonymous (1 replies)
Re: Quibble - rootkit for OS X 2006-01-30
Anonymous
Researchers: Rootkits headed for BIOS 2006-01-27
Gimping 8600
Not actually 2006-01-27
Prisoner (1 replies)
Re: Not actually 2006-06-24
Anonymous
Researchers: Rootkits headed for BIOS 2006-02-07
Samuel Stetler
Researchers: Rootkits headed for BIOS 2006-02-13
Black~Feather (1 replies)
Researchers: Rootkits headed for BIOS 2006-03-25
CONFIRMED ROOTKIT TROJAN / SCRIPTING IN BIOS (5 replies)
Researchers: Rootkits headed for BIOS 2008-04-25
Anonymous (1 replies)







 

Copyright 2009, SecurityFocus