Feature #6808: Investigate harmful BIOS features

Feature #6808

Investigate harmful BIOS features

Added by anonym 2014-03-02 14:14:52 . Updated 2015-06-10 10:41:17 .

Status:

Confirmed

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

2014-03-02

Due date:

% Done:

Feature Branch:

Type of work:

Research

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

With “harmful” we mean BIOS features that phone home, enable remote administration and similar. Examples:

Remote administration tools enabled at BIOS time, like Intel AMT, which can be configured to connect to the network at BIOS time, and then run a web-server, again at BIOS time (!), etc.

Anti-theft technologies, like Intel Anti-theft. For an overview and exploits, see e.g.: Deactivate the Rootkit: Attacks on BIOS anti-theft technologies

“Features” like these may either cause general security issues, or have adverse effects on particular Tails features (e.g. BIOS-time network activity from Intel AMT exposes the real MAC address before Tails has a chance to spoof it).

Subtasks

Related issues

Related to Tails - ~~Bug #9116~~: Document that Tails doesn't protect against BIOS/firmware attacks

Resolved

2015-03-26

History

#1 Updated by anonym 2014-03-02 14:22:38

Description updated

#2 Updated by BitingBird 2015-04-10 22:28:31

related to ~~Bug #9116~~: Document that Tails doesn't protect against BIOS/firmware attacks added

#3 Updated by sajolida 2015-06-10 10:41:17

According to external experts, AMT-originated network activity will most probably have its own MAC address; and one that Tails probably can’t spoof. For example, AMT gets its own DHCP lease prior to and independent of the OS.

AMT can also be used to perform malicious BIOS updates.