UEFI Malware Part 1

Video Transcription
Hello and welcome to the PC Security Intermediate Course.
In this video, I will be talking about UEFI malware, and in particular I will touch on how UEFI can be compromised and why UEFI malware is so dangerous.
So, the way that you can compromise UEFI on a PC is through BIOS updates. You can do BIOS updates using a USB flash drive. On some PCs you can do it regularly that way, and this is one of the recommended ways to do a BIOS update if all the other ways to do the BIOS update fail. The other ways are to do the BIOS update over the network, centrally, and if your PC is not in a network, you cannot do it that way. And the third one is to do the BIOS update from the OS. PC manufacturers create specific packages that allow you to do the BIOS update from the operating system. It's usually a kind of program that you download and then run, and this program may contain the BIOS update within itself, or it can look at your PC, look at the version of BIOS you have and what kind of PC it is, and then download the appropriate BIOS update from the BIOS repository on the site of the PC manufacturer. Because BIOS updates and BIOS flashes, you don't do them from a third party; you do them only from the PC manufacturer. Otherwise, you void the warranty, and it might work, and it might contain malware.

So when you do it using a USB flash drive, you can do it before the operating system boots. All of the methods over the network and from the OS usually have to be done once the operating system has booted. Although there are some more capabilities in the latest generation of, for example, Intel processors, which essentially allow you to do a BIOS update over the network before the operating system boots; for example, if your operating system, your hard drive, is still not formatted and the image has not been uploaded to it. So you can do that in theory, and I think that there are now some utilities that actually allow you to do it.
So, when we talk about BIOS updates from the OS, the way that BIOS can be compromised is through update packages. So, for example, as I mentioned before, there is some bug in the firmware of the processor, and you just apply the update package, which updates just a small partial portion of firmware, which is then flashed in. So you change the firmware of the processor. You can do an update of the entire BIOS, or you can just add things to it. So when you do an update of a device, it's usually not the entire BIOS; it's usually something like, again, update packages that change parts of the BIOS. But you can also do add-ons to the BIOS, in order to add some functionality to it. It's being done even by the manufacturers of PCs.

But usually, if you have the BIOS package, it contains the entire BIOS. Why? Because sometimes you have, for example, in a factory or in service departments, motherboards that don't have the BIOS on them, or they have a much older version, because motherboards can sit in a service repair shop for, like, two years, so you don't have the previous version of BIOS there. To be sure you update it, you have to push the whole thing in.

But also, if we're talking about BIOS malware, these things can be very small and easily deployable. They can be, you know, less than a megabyte in size.
So if something like this is happening, the question is, why is it so dangerous? As I mentioned before, these things are not detectable by antivirus. They are complicated to remove sometimes. So even if you detect it and say, okay, I have a BIOS that has been manipulated, sometimes it can be a really complex process to remove it. And you will learn about that in a later lesson, when I start talking about the existing known UEFI malware.

And also it can easily spread through the networks of the company without anybody actually knowing that it's spreading, and all the warning signs in terms of antivirus and anti-malware software on PCs, and even on the servers, are completely oblivious to it. And, of course, as I mentioned, it can do a lot of damage.

Although today there are not hundreds or thousands of malware samples for UEFI like there are for operating systems and programs, and the reason for that is that it's not so easy to write UEFI malware, they have to be taken seriously just because they are so stealthy at this point.
Why is it so difficult? Well, you have to know how the manufacturer of the PC writes the BIOS. What are the structures? So basically, you have to reverse engineer the machine code. Okay, so UEFI BIOS is not written in machine code; you can write it in C++. But in order to reverse engineer it, you have to essentially look at what's in your UEFI BIOS, and then you have to do the reverse engineering in order to add something in a way that it won't stop the function of the BIOS, you know, the BIOS breaking down. So it's not so easy to write it. But it's much easier than 15 or 20 years ago, when the entire BIOS was much smaller, sitting in a very small piece of flash on the motherboard, and it had to be written directly in machine code.

OK. In this video, you have learned about what UEFI malware is and how it can be deployed; not actually how it works, but how it's deployed. And you learned about why it's dangerous. In the next video, I will continue talking about UEFI malware, with an example of what is happening today.
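The lecture says that anyone adding code to a UEFI BIOS, attacker or vendor, first has to know the structures the firmware image is built from. As an added example (not part of the video or the course material), the C program below handles the outermost of those structures, the firmware volume header: it scans a raw flash dump for the `_FVH` signature and accepts a volume only if its header checksum, revision and block map are consistent, which is the same first pass a firmware analysis tool makes before looking inside a volume for modules. The flash image it scans is constructed inline (a valid volume at offset 0x100 and one at 0x2000 whose checksum has been tampered with); the field offsets are those of `EFI_FIRMWARE_VOLUME_HEADER` in the UEFI Platform Initialization specification, while the function and type names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: locate and validate EFI_FIRMWARE_VOLUME_HEADERs in a raw flash dump.
 * Offsets (UEFI PI spec): 16 FileSystemGuid, 32 FvLength u64, 40 Signature "_FVH", 48
 * HeaderLength u16, 50 Checksum u16, 55 Revision, 56 BlockMap[]{u32 NumBlocks,u32 Length},
 * ending with {0,0}. Names below are this example's own, not from a real tool. */
#define FV_SIGNATURE      0x4856465Fu   /* "_FVH" as a little-endian u32 */
#define FV_FIXED_HDR_LEN  56            /* header bytes before the block map */
#define FV_REVISION       2
#define SAMPLE_IMAGE_SIZE 0x3000

typedef struct {
    size_t   offset;         /* start of the FV header in the image */
    uint64_t fv_length;      /* FvLength: header plus all blocks */
    uint16_t header_length;  /* HeaderLength */
} fv_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }
static void wr64(uint8_t *p, uint64_t v) { wr32(p, (uint32_t)v); wr32(p + 4, (uint32_t)(v >> 32)); }

/* The spec requires the 16-bit word sum over HeaderLength bytes to be zero. */
uint16_t fv_header_sum16(const uint8_t *hdr, uint16_t header_len) {
    uint16_t sum = 0;
    for (size_t i = 0; i + 1 < header_len; i += 2) sum = (uint16_t)(sum + rd16(hdr + i));
    return sum;
}

/* Validate a candidate header at img+off; fills *out and returns 1 if it passes. */
int fv_parse_header(const uint8_t *img, size_t len, size_t off, fv_info *out) {
    if (len < FV_FIXED_HDR_LEN || off > len - FV_FIXED_HDR_LEN) return 0;
    const uint8_t *h = img + off;
    if (rd32(h + 40) != FV_SIGNATURE) return 0;
    uint64_t fv_len = rd64(h + 32);
    uint16_t hdr_len = rd16(h + 48);
    /* Even-sized header holding at least one block-map entry plus the {0,0} terminator. */
    if ((hdr_len & 1) || hdr_len < FV_FIXED_HDR_LEN + 16 || hdr_len > len - off) return 0;
    if (h[55] != FV_REVISION) return 0;
    if (fv_len < hdr_len || fv_len > len - off) return 0;   /* volume must fit in the image */
    if (fv_header_sum16(h, hdr_len) != 0) return 0;         /* tampered or corrupt header */
    uint64_t total = 0; int terminated = 0;                  /* blocks must sum to FvLength */
    for (size_t i = FV_FIXED_HDR_LEN; i + 8 <= hdr_len; i += 8) {
        uint32_t num = rd32(h + i), blk = rd32(h + i + 4);
        if (num == 0 && blk == 0) { terminated = 1; break; }
        total += (uint64_t)num * blk;
    }
    if (!terminated || total != fv_len) return 0;
    out->offset = off; out->fv_length = fv_len; out->header_length = hdr_len;
    return 1;
}

/* Scan byte by byte for "_FVH", keep headers that validate, skip over each accepted volume. */
size_t find_firmware_volumes(const uint8_t *img, size_t len, fv_info *out, size_t max) {
    size_t n = 0;
    for (size_t off = 0; len >= FV_FIXED_HDR_LEN && off <= len - FV_FIXED_HDR_LEN && n < max; off++)
        if (fv_parse_header(img, len, off, &out[n]))
            off += (size_t)out[n++].fv_length - 1;   /* the loop's off++ lands just past it */
    return n;
}

/* Constructed sample data, not a vendor image: one FV header (FFSv2 GUID) at buf+off.
 * corrupt != 0 flips one checksum bit, as a tampered or bit-rotted header would. */
static void put_fv(uint8_t *buf, size_t off, uint64_t fv_len, uint32_t blk, int corrupt) {
    static const uint8_t ffs2_guid[16] = {0x78,0xE5,0x8C,0x8C,0x3D,0x8A,0x1C,0x4F,
                                          0x99,0x35,0x89,0x61,0x85,0xC3,0x2D,0xD3};
    uint8_t *h = buf + off;
    uint16_t hdr_len = FV_FIXED_HDR_LEN + 16;   /* one map entry + terminator = 72 bytes */
    memset(h, 0, hdr_len);
    memcpy(h + 16, ffs2_guid, 16);
    wr64(h + 32, fv_len);
    wr32(h + 40, FV_SIGNATURE);
    wr16(h + 48, hdr_len);
    h[55] = FV_REVISION;
    wr32(h + 56, (uint32_t)(fv_len / blk));     /* NumBlocks */
    wr32(h + 60, blk);                          /* Length; bytes 64..71 stay {0,0} */
    wr16(h + 50, (uint16_t)(0u - fv_header_sum16(h, hdr_len)));  /* make the word sum zero */
    if (corrupt) h[50] ^= 0x01;
}

/* Erased-flash fill (0xFF), a valid FV at 0x100 and a tampered one at 0x2000. */
size_t build_sample_image(uint8_t *buf, size_t cap) {
    if (cap < SAMPLE_IMAGE_SIZE) return 0;
    memset(buf, 0xFF, SAMPLE_IMAGE_SIZE);
    put_fv(buf, 0x100, 0x1000, 0x100, 0);
    put_fv(buf, 0x2000, 0x1000, 0x100, 1);
    return SAMPLE_IMAGE_SIZE;
}

int main(void) {                               /* stand-alone run: prints the scan result */
    static uint8_t img[SAMPLE_IMAGE_SIZE];
    fv_info fvs[8];
    size_t n = find_firmware_volumes(img, build_sample_image(img, sizeof img), fvs, 8);
    printf("%zu valid firmware volume(s)\n", n);
    for (size_t i = 0; i < n; i++)
        printf("  FV at 0x%zx, FvLength 0x%llx, header %u bytes\n", fvs[i].offset,
               (unsigned long long)fvs[i].fv_length, fvs[i].header_length);
    return 0;
}
```

Run against the constructed image it reports one volume, at 0x100; the header at 0x2000 is rejected because its word sum is no longer zero. A rejected header is not proof of malware: vendors ship non-standard volumes, and the check only says that the structure the spec describes is not there. The practical follow-up is to compare the volumes found in a dump (and their hashes) with a clean vendor image of the same BIOS version, which is how the "complicated to remove" cases in the lecture are usually confirmed.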