Found in the wild: The world’s first unkillable UEFI bootkit for Linux - eviltoast

“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. “Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.”
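Two baseline checks a Linux admin can script against this class of threat, added here as an example and not taken from the article or from ESET's analysis: read the Secure Boot state from efivarfs, and hash every EFI binary on the EFI System Partition so that an added or replaced `.efi` file shows up against a saved baseline. The efivars path and the `/boot/efi` mount point are the usual Linux defaults; the sample ESP and efivar files in the comments are constructed for offline use.

```bash
#!/usr/bin/env bash
# Added example (not from the article or ESET). Assumes standard Linux paths:
# efivarfs under /sys/firmware/efi/efivars and the ESP mounted at /boot/efi.

# Report Secure Boot state from the SecureBoot EFI variable. efivarfs prefixes
# each variable's data with a 4-byte attribute word, so the boolean sits at
# byte offset 4. Prints "enabled", "disabled" or "unavailable" (no efivarfs,
# e.g. legacy BIOS boot). An explicit file path may be passed for testing.
secureboot_state() {
    local f="${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}"
    [ -r "$f" ] || { echo unavailable; return 0; }
    local v
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')
    if [ "$v" = "1" ]; then echo enabled; else echo disabled; fi
}

# Write a baseline of every EFI binary under an ESP mount point:
# one "<sha256>  <path relative to the ESP>" line per file, sorted.
# Run once from a known-good state and store the file off the machine.
esp_baseline() {
    local esp="$1" out="$2"
    ( cd "$esp" && find . -type f -iname '*.efi' -print0 \
        | sort -z | xargs -0 sha256sum ) > "$out"
}

# Re-hash the ESP and compare against a saved baseline. Prints one line per
# difference (ADDED / MODIFIED / REMOVED <path>) and returns 1 if any exist,
# 0 when the ESP matches the baseline. Paths containing spaces are not handled.
esp_diff() {
    local esp="$1" base="$2" now out
    now=$(mktemp)
    esp_baseline "$esp" "$now"
    out=$(awk 'NR==FNR { base[$2]=$1; next }
               { seen[$2]=1
                 if (!($2 in base))        print "ADDED " $2
                 else if (base[$2] != $1)  print "MODIFIED " $2 }
               END { for (p in base) if (!(p in seen)) print "REMOVED " p }' \
          "$base" "$now")
    rm -f "$now"
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
    return 0
}

# Typical use on a live host (uncomment):
# secureboot_state
# esp_baseline /boot/efi /root/esp-baseline.txt   # once, from a trusted state
# esp_diff     /boot/efi /root/esp-baseline.txt   # later, e.g. from cron
```

A clean `esp_diff` does not prove a bootkit is absent (firmware-resident or disk-level implants are out of scope for this check), but any ADDED or MODIFIED EFI binary that does not correspond to a package update deserves a look, and `secureboot_state` printing anything but `enabled` means unsigned EFI binaries would load without complaint.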

  • 0x0@programming.dev · 32 up / 4 down · 29 days ago

    Who would’ve thought replacing a BIOS with what’s essentially a micro-computer would open a can of worms…

    • Eximius@lemmy.world · 25 up / 1 down · edited · 29 days ago

      BIOS was always a microcomputer… it’s just more standardized now.

      And especially things like IPMI (which is essentially a company-sanctioned backdoor to any Intel server), which has a full-on web server with an unknown number of threat vectors, things like this really fall flat for security.

      Just because threats are found for UEFI (an open standard), it means nothing in the grand scheme of things, just that it is more observed and more easily dissected for nefariousness.

      • 0x0@programming.dev · 7 up · 29 days ago

        I meant BIOS is way more limited in scope than UEFI and that’s a good thing.

        Although since the limitation was most likely due to the hardware of the day, I don’t know what a modern BIOS would look like.

      • computergeek125@lemmy.world · 3 up · 28 days ago

        If you’re looking at Intel, you might be thinking IME/vPro

        IPMI (such as iDRAC on Dell) runs off-processor on a different section of the motherboard typically and is installed on AMD servers as well.

        • dai@lemmy.world · 3 up · 28 days ago

          Off topic, but IPMI is such a handy feature. I’ve got an old X99 board with it, and man, being able to remotely power cycle a frozen machine is missed. Even being able to change UEFI settings without having to drag out a monitor and keyboard.

          • computergeek125@lemmy.world · 2 up · 27 days ago

            I have five Dell servers in the rack, and another two Dells and three x9? (Atom C2758 8-core if memory serves) Supermicros on the shelf.

            I think only one or two of the Dells came with iDRAC Enterprise and all the Supermicros had full licensing. It’s absolutely beautiful (once you get done fighting the software updates to purge the Java gremlins).

            My three R730s were upgraded to Enterprise as soon as I had budget and a spare line item to do so. Power on/off is great and console+ISO is peak. I love this.