Monday, April 20, 2020

Dell agrees that BIOS is the next malware battleground

So, anyway, I recently heard that Dell had released a BIOS testing tool, so I grabbed it and ran it over my trusty Dell Optiplex 7070. The tool was pretty hard to find, but I did find it, and installed it, and it ran, and it pronounced that my BIOS was fine.

That was cool, and expected, but there were a couple of shortcomings.

The first was that it did not tell me that there was an Intel Management Engine upgrade, marked as urgent, and also a BIOS upgrade marked as urgent, which, as a Dell product, I would have thought it should have known about, and told me.

The second was that it doesn't see the sort of things that we see, such as components that seem to have similar functionality to the so-called Lenovo rootkit of 2015.

This makes sense, as this functionality is in there by design, but, in my opinion, is a desirable target for the Bad Guys(tm).

All security pros know that security and functionality tend to exist in an inverse relationship, which is to say that the more functional you make something, the less secure it tends to be.

We think people need to know what (and who) is in their firmware.

To me, the most important aspect of this tool is simply the fact that Dell is acknowledging that the BIOS is the next malware battleground. While poking around for the tool, I also found this report, with the title, "BIOS Security - The Next Frontier For Endpoint Protection".

Folks, all organizations need to start paying attention to what's in their firmware, because it's going to take time to fix.
