Bitcoin Forum
Topic: Is Armory vulnerable to USB-Stick viruses like BadBios?
maaku
November 07, 2013, 05:49:48 PM
 #41

Quote
In order for malware to exploit this method of infection in a more general fashion, surely there are some pretty hefty technical obstacles to overcome? How would an adversary target a machine with unknown hardware / unknown bios / unknown OS?

This embedded hardware is much more common and standardized than you might think. Pretty much all PCs use the same USB host chips. And for a given peripheral there's usually only a handful of chips running similar architectures available on the market. The BIOS/EFI firmware has standard extension interfaces that all vendors support and the malware would hook into to load itself.

Of course there's still a lot of engineering work that needs to be done to create such a virus, enough to put it in the category of almost-certainly-state-sponsored. But once it is isolated in the lab, it's a relatively small operation to dissect and re-purpose its various components to an existing bitcoin wallet seeking malware, for example.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
darkmule
November 07, 2013, 06:38:22 PM
 #42

I don't think any software at all would be invulnerable to BIOS-based malware that meets the description of BadBIOS, especially if you assume BIOS-based malware that is specifically aimed at wallets.  This is independent of whether BadBIOS exists as described.
goatpig
Armory Developer
November 07, 2013, 07:57:58 PM
 #43

Quote
I don't think any software at all would be invulnerable to BIOS-based malware that meets the description of BadBIOS, especially if you assume BIOS-based malware that is specifically aimed at wallets.  This is independent of whether BadBIOS exists as described.

As long as writing operations to the BIOS' eeprom are dependent on a hard jumper setting, you're going a long way to thwart rootkits.

maaku
November 07, 2013, 08:00:14 PM
 #44

You don't need to rewrite the BIOS eeprom. You can stick the payload (or its bootloader) in any of the other NVRAM locations and inject it into the running BIOS during boot when the infected device is brought up.

goatpig
Armory Developer
November 07, 2013, 08:32:17 PM
 #45

Quote
You don't need to rewrite the BIOS eeprom. You can stick the payload (or its bootloader) in any of the other NVRAM locations and inject it into the running BIOS during boot when the infected device is brought up.

It is obvious that the kind of measure I'm talking about only makes sense if all such locations are enforcing the same security measures. A shielded front door is useless if the window right next to it is wide open.
