Malware targeting computer BIOS raises stakes for endpoint management

by Charles Leaver

November 5, 2013


Malware authors are increasingly creative and destructive. For example, a new over-the-air threat may be capable of compromising a machine's BIOS and enabling malicious communications. More importantly, this malware strain is platform-agnostic, meaning that it can compromise endpoints running Windows, OS X and Linux.

Given the severity and reach of this threat, the stakes are high for enterprises to implement endpoint security and control solutions that alert administrators to possible weaknesses in the network. Finding the problem before it escalates is key to avoiding costly support and recovery operations after the fact.

BadBIOS malware may spread low-level infection via USB drives
Only a single researcher has made claims about the dangers of badBIOS, the malware variant that appears to target PC firmware, but his findings have caught the attention of the cybersecurity community. For cybercriminals, the computer BIOS is an appealing target because it runs for only a short period before it hands control to the operating system, where most security tools operate. Any malware that infects the BIOS can more easily escape detection than strains that exploit vulnerabilities in software like Java or Adobe Reader.

PCWorld reported that badBIOS may be uniquely capable of surviving reinstallation of the BIOS firmware and that it could use infected machines to communicate with other equipment using high-frequency signals - even while not connected to the Internet. It is most likely spread via malicious USB drives.

The potential dangers of badBIOS make it imperative that companies bolster data loss prevention strategies by monitoring and securing all endpoints. With USB drives being the potential carriers of badBIOS, it will be crucial to keep an eye on all mobile assets, both in terms of tracking physical location and using endpoint security software to view how they are behaving on the network.

How dangerous is badBIOS?
However, some security researchers have poured cold water on the mainstream viability of badBIOS. In a piece for InfoWorld, Serdar Yegulalp assessed the cybersecurity community's split views on whether badBIOS was hype or a real threat. Its viability may be constrained by the high technical requirements that its developers would have to meet in order to infect a wide range of endpoints.

"Any such malware would also have to contain multiple payloads for each of its infection targets - not just different OSes, but UEFI, PCI, and USB firmware as well," stated Yegulalp. "While difficult to execute, it isn't theoretically impossible. It would just be a major technical accomplishment."

Yegulalp also raised the possibility that research into badBIOS may have overlooked other possible causes of PC infection, such as system misconfiguration.

At the same time, researcher Robert Graham pointed out that malware targeting Ethernet firmware and motherboard BIOS is not hard to develop, and that accordingly badBIOS could materialize into a real danger. Regardless of the verdict on badBIOS, organizations will want to prepare themselves for the changing threat landscape by using endpoint software to monitor their IT infrastructure.