Title
Persistent BIOS Infection
Authors
Alfredo Ortega and Anibal Sacco
In
Tenth annual CanSecWest applied security conference. March 16-20 2009. Vancouver, British Columbia, Canada.
Date published
2009-03-18
Keywords
rootkit BIOS malware infection

Abstract

Presentation of a technique to modify and persist code to add rootkit functionality to the BIOS firmware of commercial-of-the-shelf computers that do not perform strict enforcement of BIOS updates using cryptographically strong digital signature. The technique relies on identification and use of existent code in the firmware that is typically invariant through BIOS updates.

Attachments

Persistent_BIOS_Infection.pdf - Slides of the talk at the CanSecWest 2009 applied security conference