1

As you know, there are attacks on the firmware of BIOS and HDD. What if I used some kind of VMS, maybe VirtualBox? Will this protect me from an already infected BIOS (and by that, I mean, no one can steal my RSA private keys)? What if I can use the VM from Tails OS that does not touch the HDD? Will that protect me from infected BIOS and HDD so no one will be able to steal my keys using the infected HDD or BIOS?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Бассел Жаббор
  • 41
  • 3
  • Where are you storing the keys? If you use a live in-memory VM, how will you store keys there? – schroeder Aug 06 '15 at 16:36
  • @schroeder if i used vm on tails-which does not toche the hdd- to protect me from infected bios then I would save my keys on usb pendrive.. tails is live os – Бассел Жаббор Aug 06 '15 at 16:39
  • 1
    As soon as you plug in a USB drive, then the computer's BIOS needs to process it, regardless of the OS or where the OS is running. Virtualization does not help you. – schroeder Aug 06 '15 at 16:41
  • @schroeder is there any method to protect myself against an infected BIOS? – Бассел Жаббор Aug 06 '15 at 16:44
  • 1
    There are many questions here related to yours, such as this [one](http://security.stackexchange.com/questions/3056/how-secure-are-virtual-machines-really-false-sense-of-security) or that [one](http://security.stackexchange.com/questions/58187/can-a-guest-virtual-machine-be-compromised-by-a-virus-on-the-host-machine) –  Aug 06 '15 at 18:35

2 Answers2

3

Virtualization does not protect you when the host system is compromised.

An attacker who controls the host system, controls the execution of the hypervisor which means they control everything which happens in the virtual machine.

In theory... In practice, virtualization is an uncommon scenario for typical malware targets, so you will encounter few malware which contains a payload to attack virtual machines running on the host (although this isn't unheard of).

Philipp
  • 48,867
  • 8
  • 127
  • 157
0

Quick answer:

No

Longer answer:

It all depends on how the virus acts and spreads itself. Apart from the well known attack vectors such as network connections and file sharing, viruses are able moves between guest and host OS for example by using the emulated virtual COM port.

There are also some reports of viruses which attacked the host via virtual machines (in x86 virtualization though) - Report 1 and Report 2

  • is there any method to protect myself against an infected BIOS? – Бассел Жаббор Aug 06 '15 at 16:49
  • 1
    A malware which controls the host OS can hack guest OSes far easier than network connections and filesharing. It can simply rewrite the virtual hard drive images of the guests in the filesystem of the host OS. – Philipp Aug 06 '15 at 16:49
  • The OP is specifically worried about an infected BIOS. – schroeder Aug 06 '15 at 16:52
  • I agree @schroeder however the threat is also based on the virus behaviour. Maybe the virus infecting the BIOS is not interested in the keys. –  Aug 06 '15 at 17:04