Persistent BIOS Infection

Date: 
Thursday, March 19, 2009
Authors: 
Anibal Sacco and Alfredo Ortega
Conference / Publication: 
CanSecWest Vancouver, BC, Canada
Abstract: 

Presentation of a technique to modify and persist code to add rootkit functionality to the BIOS firmware of commercial-of-the-shelf computers that do not perform strict enforcement of BIOS updates using cryptographically strong digital signature. The technique relies on identification and use of existent code in the firmware that is typically invariant through BIOS updates.