Hacker News new | comments | show | ask | jobs | submit login

The problem at the moment is that the BIOS is writable at all times, even when the OS is running. This makes BIOS updates easier (i.e. you can make a Windows application that can do so, for example), but the problem is that this allows ANY process with Admin access to alter the BIOS as well.

I'm speechless that this horrible idea was ever taken seriously, much less implemented. That answers my question as to how a BIOS could become infected.

I'm seriously sitting here in shock. How could any hardware manufacturer think it was a good idea to let a userspace program permanently alter EEPROM, ever? One does not need to be very intelligent to realize hackers will hack that.

This brings us full circle to the original question, though: Did the security researcher write a program to dump the contents of EEPROM rather than desoldering the chips? if so, then he may have been hoodwinked by the virus.




> How could any hardware manufacturer think it was a good idea to let a userspace program permanently alter EEPROM, ever?

Because most hardware manufactures are selling to consumers and not cypherpunks.


This brings us full circle to the original question, though: Did the security researcher write a program to dump the contents of EEPROM rather than desoldering the chips? if so, then he may have been hoodwinked by the virus.

Is this different than getting a dump of the BIOS before flashing it? Are we talking about different chips on the motherboard?


Flashing BIOS used to require a hardware manipulation - like moving a jumper or a dip switch. I hope this is still the case?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: