Researchers find insecure BIOS 'rootkit' pre-loaded in laptops

"The biggest problem, Ortega explained, is that a malicious hacker can manipulate and control the call-home process. That's because the technology uses a configuration method that contains the IP address, port and URL, all hard-coded in the Option-ROM. At first run, Sacco explained that the configuration method is copied in many places, including the registry and hard-disk inter-partition space. ,p>"The duo found that it's trivial to search and modify the configuration, giving them the ability to point the the IP and URL to a malicious site, where un-authenticated payloads can be directed to laptop."

Complete Story

Related Stories:

• Intel CPU cache poisoning: dangerously easy on Linux(Apr 22, 2009)
• New Attack Sneaks Rootkits Into Linux Kernel(Apr 15, 2009)
• Editor's Note: Instead of Throwing Everyone In Jail, Fix Your Lousy Products(Dec 05, 2008)
• Shred and Secure-Delete: Tools for Wiping Files, Partitions and Disks in GNU/Lin(Dec 03, 2008)
• 25 Arguments for the Elimination of Copy Protection(Oct 21, 2008)
• Linux Detecting/Checking Rootkits with Chkrootkit and rkhunter Software(Jan 29, 2008)
• CNET News: PC Hardware Can Pose Rootkit Threat(Mar 02, 2007)