badBIOS – now this is a bit scary…

Home Forum Chat Forum badBIOS – now this is a bit scary…

Viewing 5 posts - 91 through 95 (of 95 total)
  • badBIOS – now this is a bit scary…
  • Premier Icon GrahamS
    Subscriber

    Interesting conversation between @dragosr and @taviso (another twitter user that apparently knows his stuff).
    Dragosr does seem a little defensive and evasive when challenged.

    https://twitter.com/taviso/status/397804315361824768

    IanMunro
    Member

    let me lay some propositional logic on you:
    If Dragos is smart, then #badBIOS is a legitimate malware threat.
    Dragos is smart.
    Therefore, #badBIOS is a legitimate malware threat.

    Though the propositional logic is missing a caveat that people suffering from paranoid personality or delusional disorders can also be smart.

    Premier Icon molgrips
    Subscriber

    Yes or Dragos could be very clever AND perpetrating a hoax.

    Premier Icon GrahamS
    Subscriber

    people suffering from paranoid personality or delusional disorders can also be smart.

    Yeah a few people have mentioned this possibility and I have to say, reading through his tweets etc, it seems as likely as anything else, which would be very sad.

    Though he does say at the end of that second ArsTechnica piece:

    “We’ll get some peer review and find out if I’m completely losing it or if we found something significant.” Then, he paused for a moment and added: “By the way, I still don’t think I’m losing it.”

    Premier Icon andytherocketeer
    Subscriber

    If indeed it is a privilege escalation, then the “infected” USB device would surely have to be OS specific?
    Sure the BIOS / UEFI bit would or could potentially be platform independent, but there’s still a platform dependent/independent inconsistency.

    Think I mentioned it before, but there are USB protocols which are essentially automatically assumed to be trusted. HID is one for a start, but to do anything there, again it still needs to be tailored for target OS. And one very popular OS is clever enough to give you the (automatically trusted) tools to be able to use HID device to insert administrator privilege executable straight on to the system. Maybe not on a locked down corporate lappy, but almost certainly on a lappy where the normal user is granted more than numpty worker privileges.

Viewing 5 posts - 91 through 95 (of 95 total)

The topic ‘badBIOS – now this is a bit scary…’ is closed to new replies.