Rootkits in a PC's BIOS
At the CanSecWest security conference, researchers from Core Security Technologies, an Argentine IT security firm, have presented a scenario in which a rootkit writes its code into a PC's flash memory chip, which normally contains the machines BIOS. Anchored deeply in the system like this, a rootkit will survive even reformatting or swapping the hard disk drive and most virus scanners have difficulty checking BIOS code.
Attacks on the PC BIOS are nothing new. The CIH virus, which appeared in 1998 and sprang into life each year on the 26th of April – the anniversary of the Chernobyl reactor disaster – is particularly well known. The author of that program, which ran under Windows 95, included a simple delete routine for the flash EEPROM memory chips, then customarily used on motherboards. This also made it easy to read out the, then controversial Pentium III serial number, originally proposed by Intel as a means of ID authentication, by altering the BIOS settings.
On current motherboards, the flash memory for the BIOS code is typically connected to the Southbridge chipset via a Serial Peripheral Interface (SPI), rather than the earlier low-pincount interface (LPC), or the even earlier ISA or X bus. The days are gone when users had to laboriously enter command-line instructions after a DOS reboot to apply a BIOS update from a diskette. Flash tools now run under Windows, sometimes even as ActiveX controls. Many BIOS versions incorporate a flash tool that can load updates from, for example, a USB memory. Apart from manufacturer-specific flash tools there are also generic tools that can read, erase and write to flash memory chips from a range of makers, such as Flashrom by the Coreboot developers.
BIOS code is executed immediately following a reboot, even before the operating system is called and before virus scanners, or any other software can provide protection against malware. BIOS code consists of several individual modules that have to be run in sequence, plus sequence control code. The code in an individual module, which may carry out a power-on self test (POST), can be LZH compressed, as the authors Anibal L. Sacco and Alfredo A. Ortega explain in their CanSecWest presentation. Before running individual modules, the BIOS also checks their checksums – so the checksums of any injected code also has to be matched up. On this subject The Core Security team explicitly refer to author Darmawan Salihun, who writes about BIOS hacks under the nickname 'Pinczakko', supplies tips on how to do this.
They discuss many potential targets in the BIOS code and apparently have found the LZH un-packer routines, among others, to be praiseworthy for not being compressed. The two authors point out that virtualisation software, such as VMware, emulates BIOS code, which can also be modified.
As with many similar demonstrations of hardware-based attacks – for example the system management mode attack recently discussed by Joanna Rutkowska and Loic Duflot – no assessment is given of what systems are generally vulnerable. First of all, not every flash tool can write to every flash chip. Aside from this, virtually every BIOS has a write-protect option in its set-up program (some with password protection), if activated this won't allow the BIOS code to be overwritten. On many motherboards, writing to the flash chip can also be prevented with a single jumper or DIP switch.
Also unclear is what BIOS versions are generally vulnerable to attack by this method. The Core Security team worked with a Phoenix Award BIOS (Phoenix took over Award in the late 1990s). However, there are also BIOS versions that include better security under the Phoenix trademark, such as SecureCore, which protect their code with signatures. Finally, there are also other BIOS varieties made by other manufacturers such as AMI, Insyde and in future UEFI Firmware. So an attack on the motherboard's BIOS has to be relatively system-specific. The fact that, despite the known vulnerabilities highlighted by the CIH virus more than a decade ago, very few malware routines have so far attacked the BIOS, shows that such attacks are considered as less promising, or unduly complicated, as compared to those on popular operating systems and web browsers.
A potentially more rewarding and simpler way to infect BIOS code could be to manipulate the BIOS updates provided by motherboard and PC manufacturers. Their servers usually don't look particularly well protected, while download web sites are ever more frequently manipulated, and new equipment increasingly contains infected code.