Anyone's taobios-v2.tar.bz2

grarpamp grarpamp at gmail.com
Wed Jan 2 13:42:10 PST 2019


https://threatpost.com/uefi-rootkit-sednit/140420/

Researchers hunting cyber-espionage group Sednit (an APT also known as
Sofacy, Fancy Bear and APT28) say they have discovered the first-ever
instance of a rootkit targeting the Windows Unified Extensible
Firmware Interface (UEFI) in successful attacks. From a report: The
discussion of Sednit was part of the 35C3 conference, and a session
given by Frederic Vachon, a malware researcher at ESET who published a
technical write-up on his findings earlier this fall [PDF]. During his
session, Vachon said that finding a rootkit targeting a system's UEFI
is significant, given that rootkit malware programs can survive on the
motherboard's flash memory, giving them both persistence and stealth.

"UEFI rootkits have been researched and discussed heavily in the past
few years, but sparse evidence has been presented of real campaigns
actively trying to compromise systems at this level," he said. The
rootkit is named LoJax. The name is a nod to the underlying code,
which is a modified version of Absolute Software's LoJack recovery
software for laptops. The purpose of the legitimate LoJack software is
to help victims of laptop theft access their PC without tipping off the
bad guys who stole it. It hides in a system's UEFI and stealthily
beacons its whereabouts back to the owner for possible physical
recovery of the laptop.


The notion that any closed source SW or HW blob, even a BIOS,
by whatever ridiculously secretive and unknown companies,
partnered with and employing whatever other unknowns, let alone
in any new codebase such as UEFI or *Lake or Ryzen or Phone...
that you can't inspect however and whenever the fuck you want...
is somehow secure, open, trustable, and miraculously free from
holes, exploits, and exploitation... is utterly ridiculous.

Doesn't matter whether "taobios" was fake or not,
you're all still fucked.

#OpenFabs, #OpenHW, #OpenSW, #OpenDev, #OpenBiz


More information about the cypherpunks mailing list