Accueil

PHYSICAL BIOS HACK


This demo shows that “evil maid attacks”, hacks where an attacker has physical access to a target computer, are not as complicated as you may think.

Hacker lore is littered with tales of mysterious attackers breaking into hotels—perhaps at a conference—to get their hands on someone’s laptop with the goal of installing malware on it by physically connecting to the machine. That’s why the more careful hackers never leave their laptops unattended at events, or bring disposable computers with little to nothing valuable on them.

These types of attacks are called evil maid attacks in the infosec world, because the imaginary attacker is someone who has access to your room and malicious intentions. Pwning a laptop via physical access is a true and tested method to hack someone. But there’s no better way to be reminded of how effective and sometimes effortless these attacks can be than an actual demo.

In early July, security firm Eclypsium posted a video showing how Mickey Shkatov, one of its researchers, hacks into a laptop by opening it up, connecting a device directly to the chip that contains the BIOS, and installing malicious firmware on it—all in just over four minutes. That easy. (In some cases hackers don’t even need to open up the laptop).

“Physical attacks are hard to defend against and most people aren’t doing anything to defend against them,” John Loucaides, Eclypsium’s vice president of engineering, told me. “It’s not that hard of a attack to pull of as most people think. It takes less time and less effort than most people realize.”

In this case, Shkatov said he did some prep work by programming a device built specifically to flash computers’ firmware or BIOS (essentially the "heart" of the computer, which loads up your operating system) with a backdoor, or rootkit. The device costs $285 new and the generic proof-of-concept backdoor is freely available on GitHub. So all he had to do for the video demo was clip the device to the chip, and let it do what it was already programmed to.

In a scenario where the attacker doesn’t know what laptop they are going against, he said it would still take an experienced hacker—”someone who’s done it before,” as he put it—no more than 10 or 20 minutes to figure out what backdoor to deploy for the specific computer once the device is plugged in.

As The Intercept’s digital security expert Micah Lee wrote earlier this year, it’s incredibly hard to detect these kind of attacks. All you can do is put tamper-proof locks on your laptop, or even just glitter nail polish that will help you spot if someone has messed with your hardware.

The good news is that while it’s relatively easy to hack a laptop once you get your hands on it, it’s all the work that is required to get there (monitoring a target to see where they live or are sleeping, breaking into their room, etc) makes these attacks likely rare.