BIOS needs stronger security, say researchers
By Stewart Mitchell
Posted on 12 May 2011 at 13:21
The computer industry must build better security into the boot process to create safer systems, according to the US's National Institute of Standards and Technology (NIST).
The basic input/output system (BIOS) in a computer is especially at risk because of the central role it plays within PC, according to the NIST engineers working on the project.
“Unauthorised modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture,” NIST said.
“A malicious BIOS modification could be part of a sophisticated, targeted attack on an organisation, either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware).”
As a result, the institute has called for manufacturers and BIOS creators to use a series of measures that it claims would enhance security from the bottom up.
Primarily, NIST demanded building ID verification features into the BIOS to help protect it from attackers.
Hackers could currently abuse the access routes built into systems to allow manufacturers to update system firmware, fix bugs, patch vulnerabilities and support new hardware.
“The guidance calls for using cryptographic digital signatures to authenticate the BIOS updates before installation,” NIST said.
Is this an old story?
I thought the BIOS went out with MS Vista to be replaced by EFI or some other thing?
By SwissMac on 12 May 2011 
Motherboard manufacturers need to ditch BIOS and implement EFI sooner rather than later. They are very slowly getting there. I think ASUS has an EFI board.
By james016 on 12 May 2011
@SwissMac
Vista merely introduced EFI support, many vendors still use BIOS (presumably because they see no reason to move to EFI).
Aren't there also other alternatives to BIOS like coreboot?
By tech3475 on 12 May 2011
@SwissMac - Good of you to refrain from gloating over how the Mac already uses EFI! There seems to be a big push to get EFI on the Sandy Bridge generation motherboards. As James says, the OS enables it, but it is up to hardware manufacturers to actually implement it.
Longer term there really is no need for a "boot" process at all these days. Just put the entire OS in flash memory. Better still, put a simple Hypervisor platform in flash and run the OS in a virtual machine.
By JohnAHind on 12 May 2011
I think EFI BIOSes are a requirement for a sandy bridge motherboard..
By Hereisphilly on 13 May 2011
I think EFI BIOSes are a requirement for a sandy bridge motherboard..
By Hereisphilly on 13 May 2011
BIOS Security AGAIN
The best way to protect your computer is to keep humans away from it altogether.
Right Protect Hardware Switches prevent BIOS malware.
In house security starts IN HOUSE so no bugs get onto the system.
By lenmontieth on 13 May 2011
A comment from a different sight [Sorry it is plagiarised]
Quote
If the cyber criminals managed to get an inside man/woman, at a motherboard factory
Unquote.
Well what more could I say?
By lenmontieth on 13 May 2011
advertisement
- Adobe Dreamweaver CC review: first look
- Huawei Ascend P6 review: first look
- Adobe Illustrator CC review: first look
- Let MPs tell us what they really want ISPs to block
- Adobe Photoshop CC review: first look
- WWDC 2013 and iOS 7 launch: live blog
- Sony VAIO Pro review: first look
- Want child porn blocked? Meet the IWF
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Google two-step verification: a must for business email
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
Lenovo Reviews
Read More
advertisement
