The Remote Control System (RCS) spyware που είχε αναπτύξει η Hacking Team contained a BIOS rootkit for UEFI (Unified Extensible Firmware Interface) preloaded, enabling it to hide on infected systems.
The invisible infection was revealed after it was leaked source code των κακόβουλων λογισμικών της companys last week. The Remote Control System (RCS) remained on the infected computers even if the owners formatted them, or even if they completely changed the hard drive.
Although spyware was primarily designed for Insyde BIOS (a popular notebook BIOS), it could work smoothly on AMI BIOS, according to Trend Micro security company.
A leaked Hacking Team PowerPoint reports that initial infection appears to require physical access to targeted systems. But it could be done with other techniques, Trend Micro reports, following a preliminary analysis of the leaked presentation, as well as a hacking team's BIOS rootkit tool.
"A slide show by the Hacking Team claims that a successful infection requires physical access to the target system. However, we can not rule out the possibility of remote installation ", writes Philippe Lin, senior engineer of Trend Micro.
"An attack scenario for example would be: The attacker gains access to the target computer, reboots the UEFI shell, launches the BIOS, installs it with the BIOS rootkit, flashs the BIOS again, and then restarts the system one last time. goal. ”
EUFI SecureFlash, the BIOS update whenever there is a security update and password setting for the BIOS or UEFI, can be a precaution in this type of attack, according to Trend Micro.
The motherboard firmware is a very attractive target for hackers because it is easy for hack, the infection remains invisible and often impossible to remove.