On 02/17/2015 04:56 PM, Alfie John wrote:
> Hi lists,
> Does anyone know of any tools to extract the Equation Group's malware from hard drive firmware?
FlashROM should be able to help. Does anyone know if these are BIOS-era OptionROM-based, or UEFI-based drivers? If they are UEFI drivers, the UEFI Dev Kit (UDK) tools can help.
> Also, are there any public registries online to report and view infections?
RANT: This recent event is an example of why OEMs/IHVs/IBVs need to treat firmware more like software and not like silicon. We *NEED* SCAP OVAL definitions, SCAP CVEs, ChangeLogs/ReadMes with feature/bug deltas. These days, there is no excuse: CoreBoot and UEFI (TianoCore.org) are open source projects, not the ancient monolithic BIOS codebase with ancient OpROM blobs. All existing blobs that OEMs/IHVs release should be signed, and have a CRL/OCSP URL for updates. There needs to be a public registry of these BIOS OpROM blobs and UEFI binaries. We need a vendor neutral logo that lists details about firmware, not rely on MSFT to drive Windows OEMs to only do what MSFT wants; and we need Consumer Reports to track this data about systems. Most importantly, OEMs need to build systems which enable users to install their own firmware, like users do today with OS software.
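The reply asks whether the drivers in question are BIOS-era Option ROMs or UEFI drivers, and the rant asks for a public registry of OpROM/UEFI blobs. Both questions come down to reading the PCI Option ROM headers: every image in a ROM carries a `PCIR` data structure whose code-type byte says whether it is legacy x86 BIOS code or an EFI driver, and hashing each image gives the value a registry would hold. The following is an added example written for this thread, not code from the list, from flashrom, or from the UDK; the sample ROM and the "registry" are constructed inline, and real dumps would come from a tool such as flashrom or from a vendor update package.

```python
"""Walk a PCI Option ROM image (possibly containing several images), report
each image's code type (legacy x86 BIOS vs. EFI driver) and SHA-256, and
compare the hashes against a registry of known-good blobs.

Added example for the list discussion above; the ROM layout follows the
PCI Firmware Specification header/PCIR structure. The sample ROM and the
registry below are constructed for illustration."""
import hashlib
import struct

# PCIR code-type byte (PCI Firmware Spec, PCI Data Structure offset 0x14)
CODE_TYPES = {0: "x86 legacy BIOS", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}


def parse_option_rom(rom: bytes) -> list:
    """Return one dict per image found in the ROM, in order."""
    images = []
    offset = 0
    while offset + 0x1A <= len(rom):
        # Every image starts with the 0x55AA ROM signature.
        if rom[offset:offset + 2] != b"\x55\xAA":
            raise ValueError(f"bad ROM signature at 0x{offset:x}")
        # Offset 0x18 of the ROM header holds a pointer to the PCIR structure.
        pcir_off = offset + struct.unpack_from("<H", rom, offset + 0x18)[0]
        if pcir_off + 0x18 > len(rom) or rom[pcir_off:pcir_off + 4] != b"PCIR":
            raise ValueError(f"missing PCIR structure at 0x{pcir_off:x}")
        vendor_id, device_id = struct.unpack_from("<HH", rom, pcir_off + 4)
        img_units = struct.unpack_from("<H", rom, pcir_off + 0x10)[0]  # 512-byte units
        code_type = rom[pcir_off + 0x14]
        indicator = rom[pcir_off + 0x15]  # bit 7 set on the last image
        img_len = img_units * 512
        if img_len == 0 or offset + img_len > len(rom):
            raise ValueError(f"image at 0x{offset:x} has bad length {img_len}")
        blob = rom[offset:offset + img_len]
        images.append({
            "offset": offset,
            "vendor_id": vendor_id,
            "device_id": device_id,
            "code_type": CODE_TYPES.get(code_type, f"unknown ({code_type})"),
            "last": bool(indicator & 0x80),
            "sha256": hashlib.sha256(blob).hexdigest(),
        })
        if indicator & 0x80:
            break
        offset += img_len
    return images


def audit_rom(rom: bytes, registry: dict) -> list:
    """Mark each image as known (hash present in the registry) or not."""
    result = []
    for img in parse_option_rom(rom):
        entry = dict(img)
        entry["known"] = img["sha256"] in registry
        entry["label"] = registry.get(img["sha256"], "UNREGISTERED")
        result.append(entry)
    return result


def build_sample_image(code_type: int, last: bool,
                       vendor=0x1234, device=0x5678) -> bytes:
    """Construct a minimal 512-byte Option ROM image (test data only)."""
    img = bytearray(512)
    img[0:2] = b"\x55\xAA"
    img[2] = 1                                   # legacy size field, 512-byte units
    struct.pack_into("<H", img, 0x18, 0x40)      # PCIR lives at offset 0x40
    p = 0x40
    img[p:p + 4] = b"PCIR"
    struct.pack_into("<HH", img, p + 4, vendor, device)
    struct.pack_into("<H", img, p + 0x0A, 0x18)  # PCIR structure length
    struct.pack_into("<H", img, p + 0x10, 1)     # image length, 512-byte units
    img[p + 0x14] = code_type
    img[p + 0x15] = 0x80 if last else 0x00
    return bytes(img)


# Constructed sample: a legacy x86 image followed by an EFI driver image.
SAMPLE_ROM = build_sample_image(0, last=False) + build_sample_image(3, last=True)

# Constructed "registry": only the legacy image is a known-good blob here.
KNOWN_GOOD = {hashlib.sha256(SAMPLE_ROM[:512]).hexdigest(): "vendor-1234 legacy OpROM v1"}


if __name__ == "__main__":
    for img in audit_rom(SAMPLE_ROM, KNOWN_GOOD):
        print(f"0x{img['offset']:04x} {img['code_type']:16} "
              f"{img['vendor_id']:04x}:{img['device_id']:04x} "
              f"{img['sha256'][:16]}... {img['label']}")
```

Run against a real dump, the `code_type` column answers the OpROM-vs-UEFI question per image, and any `UNREGISTERED` row is a blob the vendor has not published a hash for, which is exactly the gap the rant is about.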