BIOS needs stronger security, say researchers

By
BIOS needs stronger security, say researchers

The computer industry must build better security into the boot process to create safer systems, according to the US's National Institute of Standards and Technology (NIST).

The basic input/output system (BIOS) in a computer is especially at risk because of the central role it plays within PC, according to the NIST engineers working on the project.

“Unauthorised modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture,” NIST said.

“A malicious BIOS modification could be part of a sophisticated, targeted attack on an organisation, either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware).”

As a result, the institute has called for manufacturers and BIOS creators to use a series of measures that it claims would enhance security from the bottom up.

Primarily, NIST demanded building ID verification features into the BIOS to help protect it from attackers.

Hackers could currently abuse the access routes built into systems to allow manufacturers to update system firmware, fix bugs, patch vulnerabilities and support new hardware.

“The guidance calls for using cryptographic digital signatures to authenticate the BIOS updates before installation,” NIST said.

This article originally appeared at pcpro.co.uk

Copyright © Alphr, Dennis Publishing
Tags:

Most Read Articles

Australia gets its own Humble Bundle

Australia gets its own Humble Bundle

The 31 best podcasts of 2017

The 31 best podcasts of 2017

Windows 10 Fall Creators Update: 10 of the best new features

Windows 10 Fall Creators Update: 10 of the best new features

Ask Graeme - What is the value of the NBN?

Ask Graeme - What is the value of the NBN?