Malware could work its way into your BIOS


For those who don’t know, the Basic Input Output System (BIOS) is the most important part of your computer. It is the first code a PC runs when powered on, and it controls every aspect of your computer (motherboard, RAM, CPU, hard drives, optical drives, keyboards, mice): everything that makes a computer work.

Now imagine what would happen if malware attacked this vital part of your computer. According to Jonathan Brossard, founder of the French security consultancy Toucan System, “You would need to flash all the devices simultaneously. It would be very difficult to do. The cost of recovery is probably higher than the cost of the laptop. It’s probably best to just get rid of the computer.”

“Flashing” refers to overwriting the data on read-only memory (ROM) modules present in an electronic device with new data. This is generally not recommended unless there is a serious problem with a module. If there is a problem with the BIOS, the most important module in a computer, then the problem is serious enough to warrant Brossard’s suggestion.

This malware, called “Rakshasa” after a demon in Hindu mythology, is completely theoretical. However, Brossard acknowledges that it may one day be used to attack computers. It is basically a permanent backdoor into a PC: even if the BIOS is disinfected, something else will become infected, making it impossible to completely disinfect the system.

“The whole point of this research is to undetectably and untraceably backdoor the hardware,” Brossard says. “What this shows is that it’s basically not practical to secure a PC at all, due to legacy architecture. Because computers go through so many hands before they’re delivered to you, there’s a serious concern that anyone could backdoor the computer without your knowledge.”