Feature #6808

Investigate harmful BIOS features

Added by anonym 2014-03-02 14:14:52. Updated 2015-06-10 10:41:17.

Status: Confirmed
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2014-03-02
Due date:
% Done: 0%
Feature Branch:
Type of work: Research
Blueprint:
Starter: 0
Affected tool:
Deliverable for:

Description

By “harmful” we mean BIOS features that phone home, enable remote administration and similar. Examples:

  • Remote administration tools enabled at BIOS time, like Intel AMT, which can be configured to connect to the network at BIOS time, and then run a web-server, again at BIOS time (!), etc.

“Features” like these may either cause general security issues, or have adverse effects on particular Tails features (e.g. BIOS-time network activity from Intel AMT exposes the real MAC address before Tails has a chance to spoof it).


Subtasks


Related issues

Related to Tails - Bug #9116: Document that Tails doesn't protect against BIOS/firmware attacks (Resolved, 2015-03-26)

History

#1 Updated by anonym 2014-03-02 14:22:38

  • Description updated

#2 Updated by BitingBird 2015-04-10 22:28:31

  • related to Bug #9116: Document that Tails doesn't protect against BIOS/firmware attacks added

#3 Updated by sajolida 2015-06-10 10:41:17

According to external experts, AMT-originated network activity will most probably have its own MAC address; and one that Tails probably can’t spoof. For example, AMT gets its own DHCP lease prior to and independent of the OS.

AMT can also be used to perform malicious BIOS updates.