Saturday, March 11, 2017
Intel Security Releases EFI Rootkit Checker Following WikiLeaks Reports

Following recent WikiLeaks Vault 7 disclosures, including details regarding firmware vulnerabilities in popular hardware, Intel Security has pushed out a tool to check for such rootkits.



The Vault 7 leaks suggest that the CIA has been able to produce EFI (Extensible Firmware Interface) rootkits for MacBooks called DarkMatter.

Intel Security has released a tool to check for such rootkits, although Apple issued a statement earlier this week indicating that it had addressed "many of the issues" exposed by WikiLeaks.

EFI is the firmware that replaces the old-fashioned BIOS on computers. Various rootkit exploits allow the attacker to inject code that will then be run before the operating system itself launches. Working at a kernel level, rootkits evade easy detection and could also survive hard disk formats.

According to Intel, DarkMatter includes multiple EFI executable components that it injects into the EFI firmware on a target system at different stages of infection. If one has generated a whitelist of known good EFI executables from the firmware image beforehand, then running the new tools.uefi.whitelist module on a system with EFI firmware infected by the DarkMatter persistent implant would likely result in a detection of these extra binaries added to the firmware by the rootkit.
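The whitelist idea described above, as a simplified added example; it is not CHIPSEC's code or part of the original article. It assumes the EFI executables have already been extracted from a firmware image into name-to-bytes mappings; the function names and sample modules are hypothetical and constructed for illustration.

```python
import hashlib
import json


def digest(blob: bytes) -> str:
    """SHA-256 of one extracted EFI executable."""
    return hashlib.sha256(blob).hexdigest()


def generate_whitelist(executables: dict) -> str:
    """Build a JSON whitelist {sha256: name} from a known-good firmware image."""
    entries = {digest(blob): name for name, blob in executables.items()}
    return json.dumps(entries, indent=2, sort_keys=True)


def check_against_whitelist(whitelist_json: str, executables: dict) -> dict:
    """Compare executables from a later firmware dump with the whitelist."""
    known = json.loads(whitelist_json)
    known_names = set(known.values())
    report = {"unknown": [], "modified": [], "missing": []}
    for name, blob in sorted(executables.items()):
        if digest(blob) in known:
            continue                          # hash matches a known-good binary
        if name in known_names:
            report["modified"].append(name)   # known name, different contents
        else:
            report["unknown"].append(name)    # extra binary not in the baseline
    # Baseline modules absent from the later dump are also worth reviewing.
    report["missing"] = sorted(n for n in known_names if n not in executables)
    return report


# Constructed sample data: placeholder bytes stand in for real EFI executables.
BASELINE = {
    "DxeCore": b"MZ\x90\x00 constructed DxeCore",
    "BdsDxe": b"MZ\x90\x00 constructed BdsDxe",
    "FatDriver": b"MZ\x90\x00 constructed FatDriver",
}
# A later dump of the same machine: one module changed, one binary added.
LATER_DUMP = dict(BASELINE)
LATER_DUMP["BdsDxe"] = b"MZ\x90\x00 constructed BdsDxe with extra code"
LATER_DUMP["ExtraDxeDriver"] = b"MZ\x90\x00 constructed unknown driver"

if __name__ == "__main__":
    whitelist = generate_whitelist(BASELINE)
    print(json.dumps(check_against_whitelist(whitelist, LATER_DUMP), indent=2))
```

A legitimate firmware update also changes hashes, so the whitelist has to be regenerated from a trusted image after each update.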

According to Intel, the open-source CHIPSEC can help you defend against this threat and stay safe.

 