Enlarge / Software security concept. Errors in the program. Bugs in the program. The presence of a backdoor, rootkit. (credit: sasha85ru | Getty Imates)
For only the second time in the annals of cybersecurity, researchers have found real-world malware lurking in the UEFI, the low-level and highly opaque firmware required to boot up nearly every modern computer.
As software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface —is an operating system in its own right. It’s located in a SPI -connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. And it’s the first thing to be run when a computer is turned on, allowing it influence or even control the OS, security apps, and all other software that follows.
Those characteristics make the UEFI the perfect place to stash malware, and that’s just what an unknown attack group has done, according to new research presented on Monday by security firm Kaspersky Lab.