Persistent BIOS Infection

Thursday, March 19, 2009
Anibal Sacco and Alfredo Ortega
Conference / Publication: CanSecWest, Vancouver, BC, Canada

Presentation of a technique to modify BIOS firmware and persist code in it, adding rootkit functionality on commercial off-the-shelf computers that do not strictly enforce cryptographically strong digital signatures on BIOS updates. The technique relies on identifying and using existing code in the firmware that is typically invariant across BIOS updates.