There is much more to a vulnerability than just malware and hacking

Dec 20, 2011 09:30 GMT

When users hear of vulnerabilities, the first things that come to mind are viruses, Trojans, worms and other elements related to malware or computer hacking. If Basic Input Output System (BIOS) flaws are involved, then everything seems even more dangerous, especially since, not long ago, we saw the malicious MEBROMI virus on a mission to take over computing devices.

This weekend, at the first regional edition of DefCamp, which took place in Iasi, Romania, independent security researcher Willy Weiss showed that there could be a creative side to vulnerabilities, even to those found in the BIOS.

The researcher is currently working on a project that relies on BIOS flaws to help users interact with their computers remotely from a smartphone. After he held his speech, I contacted him for an interview to find out more about his work.

“Actually, in 2009 Pandora’s box was opened and the BIOS that was until then considered bulletproof became vulnerable. I took that idea and made it into something productive, to demonstrate the features that could be obtained by productively exploiting vulnerabilities,” Weiss said.

Flaws in the BIOS were first taken advantage of in 1999, but only in 2009 did researchers demonstrate that malicious code could be inserted into its decompression routines with the purpose of taking over a PC even before the operating system could be booted.

Now, Weiss relies on the same techniques and adds something extra, not only so that the flaws can be used for creative purposes, but also to prevent cybercriminals from using them to launch malicious operations.

While he claims that there are many practical applications, such as remotely controlling a computer from a smartphone and taking full advantage of the PC's computing resources, his proof of concept was a simple application that could power up a computer by sending an SMS from a mobile phone.

With the use of the Wake On LAN function, and by inserting a piece of code of his own that verifies the source of the SMS to prevent any unfortunate incidents or any malicious attempts, he managed to remotely turn on a PC.

Even though remotely booting up a PC may not sound that great, this is only the first step toward other applications that could be highly useful.

“Think about having a smartphone and a remote management software installed on your home PC. You could use your mobile phone to perform a task, but you’d have the computing power of the PC,” he said.

“For instance, by sending a message from the phone that says ‘Hey BIOS, start the PC, connect to IP x.x.x.x, using Y application,’ you are connected to your PC and you can enjoy all the computing resources offered by it.”

Since the BIOS not only configures the other components, but also checks its own integrity, this goal is not easy to achieve, but Weiss states that he has everything figured out. By altering the original code and recoding it using his own method, he can fool the BIOS into thinking that everything is legitimate.

“For now, I am taking everything one step at a time. I am currently focusing on making sure the connection to the mobile works perfectly, since there’s a lot of testing that still needs to be done.”

“Six months ago I started doing the actual implementation and I hope to finalize it next year and make it available for public use,” he concluded.
