Is there any documented case of firmware malware, given the TAO revelations?
You can read the entry here:
http://www.rootwyrm.com/2014/01/dismant ... s/#respond
Key summary in my opinion:
"So no. They’re still not infecting the BIOS. Most Ethernet MACs have burst writable (meaning: can be written to during normal operation) flash, as do many USB controllers and so on. These parts are very hard to forensically inspect because the storage is on the die and accessed via on-die controllers. Operations to and from these devices are not checked for safety or security because of the difficulty and performance impact – they just have to be assumed as “safe.” That’s where the initial payload resides and executes from."
Could an antimalware still detect something like this? They are detecting the very few BIOS malware samples out there.
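Added example, not from the post or the linked blog: the practical defender-side check for flash that the host cannot inspect in-band is to dump the firmware image out-of-band (vendor tool, JTAG or an external programmer, which this script does not do) and compare it block by block against a known-good copy. The image, block size and digests below are constructed for the example.

```python
"""Baseline-compare a firmware dump (e.g. a NIC option ROM or EEPROM image
read out with a vendor tool or an external programmer) against a known-good
copy and report which blocks changed.  Hypothetical helper, not from the post."""
import hashlib
import hmac
from typing import List, Tuple

BLOCK = 256  # report granularity; many flash parts use 256-byte pages


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_blocks(baseline: bytes, current: bytes,
                   block: int = BLOCK) -> List[Tuple[int, str, str]]:
    """Return (offset, baseline_digest, current_digest) for each differing
    block.  A size mismatch shows up as a change past the shorter image."""
    out = []
    size = max(len(baseline), len(current))
    for off in range(0, size, block):
        a, b = baseline[off:off + block], current[off:off + block]
        if a != b:
            out.append((off, sha256_hex(a)[:16], sha256_hex(b)[:16]))
    return out


def verify_image(golden_sha256: str, current: bytes) -> bool:
    """Whole-image check against a vendor-published or self-recorded digest."""
    return hmac.compare_digest(sha256_hex(current), golden_sha256)


# Constructed 4 KiB stand-in for a PCI option ROM image: the 0x55 0xAA
# expansion ROM signature followed by filler.  Synthetic, so it runs offline.
GOLDEN = b"\x55\xAA" + bytes(range(256)) * 15 + bytes(254)

# Constructed "tampered" copy: 16 bytes overwritten inside the block at 0x800.
_t = bytearray(GOLDEN)
_t[0x800:0x810] = b"\xFF" * 16
TAMPERED = bytes(_t)

if __name__ == "__main__":
    print("golden sha256:", sha256_hex(GOLDEN))
    print("whole-image match:", verify_image(sha256_hex(GOLDEN), TAMPERED))
    for off, old, new in changed_blocks(GOLDEN, TAMPERED):
        print(f"block 0x{off:05x} changed: {old}.. -> {new}..")
```

Record the golden digest when the device is first provisioned; a later dump that fails `verify_image` is the signal, and `changed_blocks` tells you where to look.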