One nasty lil bug

Submitted by Nick on Tue, 10/02/2018 - 11:11

The more I dive into the world of cybersecurity threats and vulnerabilities, the more I wish I could just stay at home and not have to worry about any of it. It's a scary thing...

One of the scariest things, I think I have read about so far is ESET's finding of a UEFI rootkit in the wild, called LoJax. For those that don't know what UEFI is, it basically has replaced BIOS on most modern motherboards. So having a rootkit that lives in the motherboard firmware is especially frightening. This bug is like the cockroach that lives under the skin of another cockroach, and by that I mean it's really, really hard to get rid of. This thing buries itself so deep that the only thing that can fix it is flashing a firmware fix, which is not for the faint of heart.

The malware was built off tools that were intended for tracking and recovery of lost or stolen equipment. So it makes sense that a group like Sednit would be able to twist a security function into the evil little thing that they did.

Luckily there is at least one security measure that you can check to ensure this doesn't happen to you. First, ensure that you have Secure Boot enabled in the UEFI settings, this makes sure that each and every firmware component has been properly signed. If you do happen to find yourself with the LoJax bug, you have a few options, flash clean manufacurer firmware, or replace the motherboard outright. Chances are if you happen to have one of these motherboards that are susceptible, it's probably time for that upgrade anyway.