Bitcoin Forum
Pages: « 1 2 [3]  All
Author Topic: Is Armory vulnerable to USB-Stick viruses like BadBios?  (Read 6519 times)
maaku (Legendary, Activity: 905)
November 07, 2013, 05:49:48 PM, #41

Quote
In order for malware to exploit this method of infection in a more general fashion, surely there are some pretty hefty technical obstacles to overcome? How would an adversary target a machine with unknown hardware / unknown bios / unknown OS.

This embedded hardware is much more common and standardized than you might think. Pretty much all PCs use the same USB host chips. And for a given peripheral there's usually only a handful of chips running similar architectures available on the market. The BIOS/EFI firmware has standard extension interfaces that all vendors support and the malware would hook into to load itself.

Of course there's still a lot of engineering work that needs to be done to create such a virus, enough to put it in the category of almost-certainly-state-sponsored. But once it is isolated in the lab, it's a relatively small operation to dissect and re-purpose its various components to an existing bitcoin-wallet-seeking malware, for example.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
darkmule (Legendary, Activity: 1176)
November 07, 2013, 06:38:22 PM, #42

I don't think any software at all would be invulnerable to BIOS-based malware that meets the description of BadBIOS, especially if you assume BIOS-based malware that is specifically aimed at wallets.  This is independent of whether BadBIOS exists as described.
goatpig (Moderator, Legendary, Activity: 1736, Armory Developer)
November 07, 2013, 07:57:58 PM, #43

Quote
I don't think any software at all would be invulnerable to BIOS-based malware that meets the description of BadBIOS, especially if you assume BIOS-based malware that is specifically aimed at wallets.  This is independent of whether BadBIOS exists as described.

As long as write operations to the BIOS EEPROM depend on a hard jumper setting, you go a long way toward thwarting rootkits.

maaku (Legendary, Activity: 905)
November 07, 2013, 08:00:14 PM, #44

You don't need to rewrite the BIOS eeprom. You can stick the payload (or its bootloader) in any of the other NVRAM locations and inject it into the running BIOS during boot when the infected device is brought up.

goatpig (Moderator, Legendary, Activity: 1736, Armory Developer)
November 07, 2013, 08:32:17 PM, #45

Quote
You don't need to rewrite the BIOS eeprom. You can stick the payload (or its bootloader) in any of the other NVRAM locations and inject it into the running BIOS during boot when the infected device is brought up.

It is obvious that the kind of measure I'm talking about only makes sense if all such locations are enforcing the same security measures. A shielded front door is useless if the window right next to it is wide open.
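The point goatpig makes above, that protecting the BIOS EEPROM only helps if every other location firmware can be loaded from gets the same treatment, is easiest to see as a measurement check. The following is an added example, not code from this thread or from Armory: it hashes every region of a constructed firmware capture against a baseline and treats a region that was never measured as a failure rather than as a pass. The region names and byte contents are made up for the example; on real hardware the inputs would be raw dumps of the flash regions and option ROMs.

```python
import hashlib
from typing import Dict, List

# Constructed sample: a baseline capture of every firmware storage region the
# platform can boot code from. The byte strings are made up for this example;
# real captures would be the raw region dumps.
BASELINE_REGIONS: Dict[str, bytes] = {
    "bios_main": b"BIOS main image v1.0 (constructed)",
    "option_rom_nic": b"NIC option ROM 2.3 (constructed)",
    "nvram_vars": b"NVRAM variable store (constructed)",
}

# Constructed later capture: the BIOS EEPROM is unchanged (the write-protect
# jumper did its job) but the NIC option ROM has grown by a few bytes.
LATER_REGIONS: Dict[str, bytes] = {
    "bios_main": b"BIOS main image v1.0 (constructed)",
    "option_rom_nic": b"NIC option ROM 2.3 (constructed) + appended bytes",
    "nvram_vars": b"NVRAM variable store (constructed)",
}


def measure(regions: Dict[str, bytes]) -> Dict[str, str]:
    """Hash every region; only the digests need to be stored as the baseline."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in regions.items()}


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report regions whose digest changed, regions the current capture did not
    cover (a blind spot), and regions that appeared without any baseline."""
    changed = sorted(n for n in baseline if n in current and baseline[n] != current[n])
    missing = sorted(n for n in baseline if n not in current)
    unexpected = sorted(n for n in current if n not in baseline)
    return {"changed": changed, "missing": missing, "unexpected": unexpected}


def platform_trusted(report: Dict[str, List[str]]) -> bool:
    """Trust requires every region to be covered and unchanged; an uncovered
    region counts as a failure, not as 'no evidence of tampering'."""
    return not (report["changed"] or report["missing"] or report["unexpected"])


if __name__ == "__main__":
    full = compare(measure(BASELINE_REGIONS), measure(LATER_REGIONS))
    print("full check:", full, "trusted:", platform_trusted(full))
    # Checking the EEPROM alone misses the modified option ROM entirely.
    partial = compare(measure(BASELINE_REGIONS),
                      measure({"bios_main": LATER_REGIONS["bios_main"]}))
    print("EEPROM-only check:", partial, "trusted:", platform_trusted(partial))
```

Run it directly to see both reports: the full check flags the option ROM, while the EEPROM-only check reports nothing changed yet is still untrusted because two regions were never measured. That second verdict is the design choice that matters; a checker that silently skips regions it cannot read is the wide-open window next to the shielded door.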
