Since a BIOS isn't connected to the internet, even if your BIOS is infected with a malware (say you used a usb to flash it but with files that wasn't from the official motherboard manufacturer's site). Is the damage limited locally to the functionality of your system? In that your data can't really be transmitted through the internet to another party?
1 Answers
- Depends on the BIOS if it can connect to the internet. Most modern UEFI are able to do so, but usually don't for security reasons
- Depends on the Malware. When the Malware is in the BIOS it could supply the necessary "driver" (code) to utilize your Network connection and might even implement DHCP so it get an IP and then I could probably connect to the internet and send data there.
- That Malware needs to be able to understand the Filesystems (e.g. NTFS, FAT32, ext4, ...). Most BIOS are limited to only be able to read FAT32, but again your Malware might be able to expand the capabilites.
Overall it depends on the Malware, your BIOS and Mainboard. For the malware to actually do this, it would need either presupplied network code from the BIOS or would need to have the specific code for that mainboard model to utilize the network components.
Also a counter Question: Do you mean BIOS, EFI or UEFI? A malware for a UEFI would be simpler to implement than for a BIOS, because BIOS is not really standardized, while UEFI is ("Universal Extensible Firmware Interface", the universal and extensible are the issue here).
TLDR: Yes it can reach the internet, even though hard.
You can see it like this: Windows and Linux are also able to access the internet and essentially can't do more than a BIOS.
Also be aware of this: Can BIOS malware be installed from OS? You need to install the malware first before being able to do anything.
Greetings.
PS: your malware would also need the usual IP-Networkingstack implemented. e.g. IPv4 Packets, Ethernet-Frames, maybe even DNS
- 166
- 1
- 1
- 6
-
Thank you for your explanation! Is it common to get UEFI virus nowadays? I have UEFI, and I live on the assumptions that should I get a virus, I'm probably fine as long as I clean install my OS on my harddrive. I am trying to develop a plan / procedure for when my computer becomes infected, since I can never know to which level it infected my computer, I try to clean install / reset whenever possible. After hearing what you said, I think my plan should include a bios flashing usb to flash the BIOS back to a trustable version in case it is infected? – Ecotistician May 31 '20 at 11:44
-
It is not common to get a UEFI virus in the scope of the world, but if you were specifically targeted (for whatever reason, e.g. you are the CEO of microsoft) you have a higher risk. It also no unheard of that someone got their UEFI infected. – Pingger Shikkoken May 31 '20 at 11:46