Security researchers are definitely earning their keep.
According to a report by Wired, researchers at a digital security conference Friday revealed a difficult-to-detect BIOS attack called LightEater that leaves millions of computers vulnerable, and can take as few as two minutes to gain access to a computer. (Video via YouTube / hdgadget)
When you turn on your computer, the BIOS — which stands for basic input/output system — helps your computer get going. It loads up your operating system — like Microsoft Windows — and helps the computer communicate with the stuff you've plugged into it: the display, the keyboard, the mouse, etc.
The hack works by infecting this basic input/output system. It's particularly worrisome because software designed to protect your computer from viruses doesn't typically scan the BIOS; it scans the operating system loaded by the BIOS.
So if hackers can infect the BIOS, they are — in theory — capable of loading malware onto your system undetected. And here's the kicker, via Wired:
"The vulnerabilities ... were so easy to find that they wrote a script to automate the process and eventually stopped counting [them] because there were too many."
The problem is people aren't updating their BIOS when manufacturers make updates available. That leaves dozens of openings for hackers, which result in millions of vulnerable computers.
"To check the setup version from Windows, go to the Start screen and type 'msinfo32.' Click 'msinfo32,' and the System Information window will open."
Yeah, that was just a few seconds of a two-and-a-half-minute Dell support tutorial for updating the BIOS — clearly not the easiest process in the world.
The Register spoke to the lead researchers who discovered these vulnerabilities. The duo hopes to essentially shock governments, businesses and users into action by showing just how simple it is to gain nearly unprecedented access to millions of computers — especially now that BIOS attacks are starting to crop up. (Video via DEFCONConference / CC BY 3.0)
"The research pair says the attacks should serve as a boot in the arse for governments and corporations to apply BIOS patches if only to make life more difficult for less-resourced hostile spy agencies."
The best way to keep yourself protected from attacks like this one is to keep your computer updated — and yes, that includes the BIOS.
This video includes images from Uwe Hermann / CC BY SA 2.0, Richard Masoner / CC BY SA 2.0, happyhappyjoyjoy / CC BY NC SA 2.0, Wolfie Fox / CC BY NC 2.0 and Getty Images and music from Brenticus / CC BY 3.0.