- badBIOS – now this is a bit scary…
Interesting conversation between @dragosr and @taviso (another twitter user that apparently knows his stuff).Posted 4 years ago
Dragosr does seem a little defensive and evasive when challenged.IanMunroMember
let me lay some propositional logic on you:
If Dragos is smart, then #badBIOS is a legitimate malware threat.
Dragos is smart.
Therefore, #badBIOS is a legitimate malware threat.
Though the propositional logic is missing a caveat that people suffering from paranoid personality or delusional disorders can also be smart.Posted 4 years agoGrahamSSubscriber
people suffering from paranoid personality or delusional disorders can also be smart.
Yeah a few people have mentioned this possibility and I have to say, reading through his tweets etc, it seems as likely as anything else, which would be very sad.
Though he does say at the end of that second ArsTechnica piece:Posted 4 years ago
“We’ll get some peer review and find out if I’m completely losing it or if we found something significant.” Then, he paused for a moment and added: “By the way, I still don’t think I’m losing it.”andytherocketeerSubscriber
If indeed it is a privilege escalation, then the “infected” USB device would surely have to be OS specific?
Sure the BIOS / UEFI bit would or could potentially be platform independent, but there’s still a platform dependent/independent inconsistency.
Think I mentioned it before, but there are USB protocols which are essentially automatically assumed to be trusted. HID is one for a start, but to do anything there, again it still needs to be tailored for target OS. And one very popular OS is clever enough to give you the (automatically trusted) tools to be able to use HID device to insert administrator privilege executable straight on to the system. Maybe not on a locked down corporate lappy, but almost certainly on a lappy where the normal user is granted more than numpty worker privileges.Posted 4 years ago
The topic ‘badBIOS – now this is a bit scary…’ is closed to new replies.