Printed from http://www.electronista.com

NIST seeks comments on PC BIOS protection draft report

updated 06:20 pm EDT, Mon August 27, 2012

BIOS or UEFI attacks could render a system completely unusable

The US National Institute of Standards and Technology (NIST) has released a report offering advice to PC manufacturers on how they can assist the public good by protecting the BIOS used on servers. The report is a draft, and comments can be left with the agency until September 14, 2012. The report follows a similar report urging improvements in laptop and desktop workstations from 2011, in the wake of the Mebromi BIOS-altering malware.

The report cites the "unique and privileged position" of the BIOS as the motivation behind the revised guidelines. Of particular concern, the a BIOS attack "could be part of a sophisticated, targeted attack on an organization--either a permanent denial of service or a persistent malware presence" according to the report.

A migration underway from BIOS implementation to the Unified Extensible Firmware Interface (UEFI) may make it easier for widespread attacks, as the UEFI is based on a universal specification. In order to qualify for the "Designed for Windows 8" program, computers must use UEFI with secure boot enabled. Apple has used UEFI in 32-bit mode until the 64-bit implementation in OS X 10.8 Mountain Lion, making a cross-operating system attack possible without separate executable branches of code like found in the recent Crisis malware.

To combat the increasing ease of BIOS attacks, NIST recommends that manufactures cryptographically sign their BIOS updates, and starting to think of the BIOS as "the foundation for a secure system," according to report co-author Andrew Regenscheid.

Only a handful of pre-UEFI BIOS-altering malware exist, due to the variety of environments possible. Windows-specific CIH and Chernobyl may be the first examples from the late '90s. The Mebroni malware from 2011 was very specific, only infecting Award-manufactured BIOS ROM and failing to properly execute with other manufacturers' chipsets.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

Blue's Mikey Digital

Blue Microphones, a company that makes some of the most popular digital USB microphones among podcasters and musicians, has for some t ...

Sponsor

toggle

Most Commented

 
toggle

Popular News