A new document leaked by Edward Snowden describes the NSA's DEITYBOUNCE program. The document describes how the NSA can gain access to Dell systems, and more specifically PowerEdge servers, by exploiting the motherboard's BIOS and using its System Management Mode (SMM). With this technique, the malicious program of the US secret service is loaded while the operating system boots.
The attack, as described, requires physical access to the system with a USB device, apparently using the Autorun bugs known from Stuxnet. Once it has been implanted in the system's BIOS, the tool starts working when the operating system begins to load.
According to ZDNet, the document is dated January 2007 (the same date as the document describing the iPhone hack), and the attacks described in it were certainly much more difficult to carry out then than they are today. These attacks do not work on all systems and models. They are aimed at "Microsoft Windows 2000, 2003 and XP. The affected models are Dell PowerEdge servers 1850/2850/1950/2950 RAID, which use BIOS in versions A02, A05, A06, 1.1.0, 1.2.0, or 1.3.7."
Of course, the NSA must have updated the attack technique between 2007 and today, since today's operating systems and firmware have the ability to counter this form of attack. UEFI (Unified Extensible Firmware Interface) technology, together with Secure Boot, implements a PKI-based authentication check of the code that runs on the computer. Of course, if the NSA has access to the keys, it does not need to flash the malicious code into the BIOS. Dell and Microsoft have been using UEFI with Secure Boot in recent years. Certification of a Windows 8 system requires UEFI with Secure Boot, which is enabled by default using a Microsoft private key.
So if major technology companies do not cooperate with the NSA (by providing certification keys), it is quite difficult for secret services to breach such systems. But with the revelations that are constantly coming from Edward Snowden, it is becoming clear that we should not use closed-source operating systems.
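As an added example (not taken from the leaked document, ZDNet or this article's author), the following Python code checks a host against the server models and BIOS versions listed above and reports whether Secure Boot is enabled. It assumes dmidecode-style text as input, that the product name is reported as "PowerEdge <model>", and the Linux efivarfs layout of the SecureBoot variable; the sample input is constructed.

```python
import re

# Models and BIOS versions as listed in the article; the article does not pair them.
AFFECTED_MODELS = {"1850", "2850", "1950", "2950"}
AFFECTED_BIOS = {"A02", "A05", "A06", "1.1.0", "1.2.0", "1.3.7"}

# Constructed sample in dmidecode's text layout (not captured from a real host).
SAMPLE_DMI = """\
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
\tVendor: Dell Inc.
\tVersion: 1.3.7
Handle 0x0100, DMI type 1, 27 bytes
System Information
\tManufacturer: Dell Inc.
\tProduct Name: PowerEdge 2950
\tVersion: Not Specified
"""

def parse_dmidecode(text):
    """Return {section: {key: value}}; 'Version' occurs in several sections."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("#", "Handle")):
            continue
        if not line[0].isspace():            # unindented line opens a section
            current = sections.setdefault(line.strip(), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return sections

def secure_boot_enabled(efivar_bytes):
    """efivarfs value = 4 attribute bytes + 1 data byte; None if variable absent."""
    if efivar_bytes is None or len(efivar_bytes) < 5:
        return None                          # legacy BIOS boot or unreadable
    return efivar_bytes[4] == 1

def audit(dmi_text, efivar_bytes=None):
    dmi = parse_dmidecode(dmi_text)
    product = dmi.get("System Information", {}).get("Product Name", "")
    bios = dmi.get("BIOS Information", {}).get("Version", "")
    m = re.fullmatch(r"PowerEdge (\d{4})", product)
    listed_model = bool(m and m.group(1) in AFFECTED_MODELS)
    listed_bios = bios in AFFECTED_BIOS
    return {"product": product, "bios_version": bios,
            "listed_model": listed_model, "listed_bios": listed_bios,
            "match": listed_model and listed_bios,
            "secure_boot": secure_boot_enabled(efivar_bytes)}

if __name__ == "__main__":
    print(audit(SAMPLE_DMI))                 # no efivar: booted without UEFI
```

On a live Linux host the inputs would come from `dmidecode` output and from the file `/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e04f8c892a`, which does not exist on systems booted in legacy BIOS mode.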