Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A list of computers that do not "hold state"..?


  • Please log in to reply
4 replies to this topic

#1 kingneil

kingneil

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 22 October 2016 - 06:10 AM

Does anyone have a list of computers with no writable firmware..?

If you get hacked, hackers can deeply infect the BIOS, GPU, WiFi and other components that "hold state".

 

Then, even if you wipe your hard drive after getting infected, you can still just get re-infected again, due to the deep firmware infections.

 

The Raspberry Pi is an example of a device that does not "hold state".

 

Every component on the Raspberry Pi has its firmware and drivers loaded in from an SD card.

 

Thus, if you wipe the SD card, you have truly wiped the device, and can be sure that it is totally clean.

 

Does anyone have a list of similar devices to the Pi, that do not "hold state" on ANY of the components...?

Thanks



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:02 PM

Posted 22 October 2016 - 07:24 AM


Bios/UEFI (firmware) virus's exist but are very rare. Researchers have demonstrated in a test environment proof-of-concept viruses that could modify the flash BIOS or install a rootkit on the BIOS of some systems so that it could survive a reformat and reinfected a clean disk. This type of malware exists primarily in-the-wild and is not generic...meaning it's vendor specific and cannot modify all types of BIOS. Although in February 2015, Kaspersky Labs reported "persistent, invisible espionage malware inside the firmware of hard drives compatible with nearly all major hard drive brands: Seagate, Western Digital, Samsung". This particular threat targeted government and military institutions, telecom and energy companies, nuclear research facilities, oil companies, encryption software developers, and media outlets.This is a quote from my Security Colleague, Elise who works with the Emsisoft Anti-Malware Research Team.

Firmware is typically a small piece of software coded directly into a device (for example a video card or DVD writer) necessary for the device to function correctly. This code is highly device-dependent, different manufacturers and different models all require specific firmware. For that reason a firmware infection is not only highly unlikely but also very impractical for a malware writer. Someone who wants to create a successful infection not only needs to make sure the malware stays on the system (by making it harder to detect and delete), but also that it is distributed on a large scale. Deploying a firmware rootkit on a large scale is close to impossible as you'd have to write a lot of different versions for different hardware models.


UEFI (Unified Extensible Firmware Interface) was introducted as a replacement for traditional BIOS in order to standardize computer firmware through a reference specification. However, there are several companies that develop UEFI firmware and there can be significant differences between the implementations used by computer manufactures. These articles explain the complexity of the UEFI, secure boot protocol and exploitation.Fortunately, it's highly unlikely you will encounter a BIOS-level scenario as it is not practical for attackers to use such an exploit on a grand scale. Malware writers would much rather target a large audience through social engineering where they can use sophisticated but less technical means than a BIOS virus.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 kingneil

kingneil
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 22 October 2016 - 07:30 AM

You did not answer my question.

I do not care how rare it is.

I am treating this as a threat.

 

So I would like people to list some devices out there that have no writable firmware.

 

I already listed Raspberry Pi. I would like some other examples of such devices.



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 22 October 2016 - 07:37 AM

And the firmware of the USB controller on the Raspberry PI?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 22 October 2016 - 07:43 AM

Hi, @kingneil:

 

You wrote:

 

You did not answer my question.

I do not care how rare it is.

I am treating this as a threat.

 

So I would like people to list some devices out there that have no writable firmware.

 

I already listed Raspberry Pi. I would like some other examples of such devices.

 

I mean no disrespect, but....

...You might find folks a bit more receptive to your inquiries if you were a bit more polite.

@quietman7 took the time to craft a detailed, thoughtful and informative reply to your question.

Forum "netiquette" suggests that a similarly polite reply would be appropriate, rather than a terse, gruff dismissal.

 

<just a friendly suggestion>

 

Cheers,

 

MM

 

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users