
Persistent, undetectable malware presented at Black Hat 2012


Jonathan Brossard's Rakshasa malware overwrites a computer's BIOS, leading to a persistent and undetectable hardware backdoor.


This year's Black Hat security conference has turned out some interesting exploits, but Jonathan Brossard's Rakshasa malware might be one of the stealthiest we've seen yet. It uses modified open source tools like Coreboot and SeaBIOS to overwrite your PC's existing BIOS (the firmware that controls the low-level functions of a computer), opening the door for even more malicious software.

Kon-Boot is one example of software that can be downloaded once the Rakshasa exploit is in place, and it can bypass the password prompt of both Windows and OS X, giving a hacker access to user-level files. Because Rakshasa infects a computer at its lowest level, it can't be detected by anti-virus programs, and even if it could, Brossard's exploit has built-in protection measures to keep it from being overwritten. There are currently 230 motherboards that are vulnerable to the exploit, and as the open source community improves Coreboot and SeaBIOS's hardware compatibility, more are likely to become vulnerable over time. If you'd like to know more about how Rakshasa works, Brossard's extremely technical presentation from Def Con 20 has everything you need to know.