Feature #6808
Investigate harmful BIOS features
Start date: 2014-03-02
Due date:
% Done: 0%
Description
By “harmful” we mean BIOS features that phone home, enable remote administration, and similar. Examples:
- Remote administration tools enabled at BIOS time, like Intel AMT, which can be configured to connect to the network at BIOS time, and then run a web-server, again at BIOS time (!), etc.
- Anti-theft technologies, like Intel Anti-theft. For an overview and exploits, see e.g.: Deactivate the Rootkit: Attacks on BIOS anti-theft technologies
“Features” like these may either cause general security issues, or have adverse effects on particular Tails features (e.g. BIOS-time network activity from Intel AMT exposes the real MAC address before Tails has a chance to spoof it).
Related issues
Related to Tails - | Resolved | 2015-03-26 |
History
#1 Updated by anonym 2014-03-02 14:22:38
- Description updated
#2 Updated by BitingBird 2015-04-10 22:28:31
- related to Bug #9116: Document that Tails doesn't protect against BIOS/firmware attacks added
#3 Updated by sajolida 2015-06-10 10:41:17
According to external experts, AMT-originated network activity will most probably have its own MAC address, and one that Tails probably can’t spoof. For example, AMT gets its own DHCP lease prior to and independent of the OS.
AMT can also be used to perform malicious BIOS updates.
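As an added example (not part of this ticket or of Tails' own code), one way to audit whether a machine you administer answers on Intel AMT's IANA-registered TCP ports, such as the BIOS-time web server mentioned in the description. It assumes you run it from a second machine on the same network, since these ports are served by the management firmware rather than the host OS; the script name and command-line usage are hypothetical.

```python
import socket

# Intel AMT TCP ports as registered with IANA.
AMT_PORTS = {
    16992: "amt-soap-http (web UI / WS-Management over HTTP)",
    16993: "amt-soap-https (same, over TLS)",
    16994: "amt-redir-tcp (SOL / IDE redirection)",
    16995: "amt-redir-tls (redirection over TLS)",
}

def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def audit_amt(host, ports=AMT_PORTS, timeout=2.0):
    """Map each port to True/False for one host you administer."""
    return {port: port_open(host, port, timeout) for port in ports}

def report(host, results, ports=AMT_PORTS):
    """Render findings; any open port means something is listening there."""
    lines = []
    for port, is_open in sorted(results.items()):
        state = "OPEN" if is_open else "closed/filtered"
        lines.append(f"{host}:{port} {state} - {ports.get(port, 'custom')}")
    exposed = any(results.values())
    lines.append("AMT appears reachable" if exposed else "no AMT listener seen")
    return exposed, lines

if __name__ == "__main__":
    import sys
    # Hypothetical usage: python3 amt_audit.py <address of the machine under test>
    target = sys.argv[1]
    exposed, lines = report(target, audit_amt(target))
    print("\n".join(lines))
    sys.exit(1 if exposed else 0)
```

Running it while the target sits at its BIOS setup screen shows what is exposed before any OS has started. A result with no open ports does not prove AMT is absent, only that it was not reachable on these ports from where you tested.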