Video Wakeup Call; Hacker Remotely Infecting Motherboard With LightEater To Snatch PGP Keys and Email From Tails Amnesiac

Watch this 3-minute video of master BIOS hacker Corey Kallenberg and crew remote in and deploy the LightEater firmware vuln onto a "military grade" motherboard, in seconds. Once pwned, watch him snatch PGP/GPG encryption keys and emails from a live-boot Tails amnesiac user. Happy travels, and always include BIOS integrity checks in your opsec protocol.

https://www.youtube.com/watch?v=sNYsfUNegEA


Comments


[3 Points] Shlabdingo:

He needs direct access to my motherboard to infect me?


[3 Points] throwaway682015666:

If you guys remember back from the 90s, we used to have to flash our BIOS occasionally. You'd usually boot from a MS-DOS boot floppy and run the program that way, but that was only because we were scared to death of crashing the computer during the flash. This kills the computer. You could actually run the program from Windows, no problem....

BIOS updates still exist, but aren't very common anymore. If a BIOS update came out for your system, 99% of the people using that motherboard would not ever know about it......

Any modern version of Windows will block the program from getting anywhere near flashing your hardware. It'll nag the hell out of you with those dimmed screen "GIVE IT PERMISSIONS?" messages. Be careful when you click that button...... Of course with physical access, anything's possible.... USB floppy drive with old school boot floppy with BIOS flash software on it? Old school :D

I question if there is enough room on the BIOS for a significantly dangerous virus to exist. BIOS viruses do exist though.


[1 Points] ribeirao:

Let's say that I had a Lenovo and the BIOS was so fucking restricted that I had to go on a BIOS mods forum and pick up one ROM to unlock the tabs to install Linux in a decent way. How would I check if this ROM is not compromised?