
I have a machine that I suspect to be compromised and am installing a new OS from a USB stick. I know that there have been cases of malware surviving this, and even BIOS reflashing, and something about the malware hiding on other firmware. But how common is it (or how hard is it for someone/something to hide on other firmware)? Even if it is common/plausible, is there even anything that can be done about it (apart from, like, buying a new one, but I'd rather not)? If there is, how?

1 Answer


Basically yes, you're right to worry. However, it's not the garden-variety adversary that has that kind of capability... Also, more and more update mechanisms are protected by a signature check and, save an attacker having physical access to your machine, are pretty tough nuts to crack. Brand-name machines (Lenovo, HP, Dell...) often have solutions to upgrade all firmware at once (UEFI firmware included) and should give you peace of mind.

On an assembled system, it's a pain to identify all flashable components and locate updates for all of them, but it is doable...

  • If your electricity supply is reliable, it cannot hurt, and there are possibly bug fixes you'll benefit from... Commented Jun 2, 2022 at 12:20
  • And BTW, your question is not dumb at all; it's a pretty common headache about what to do with machines post-compromise or post-compromise suspicion, and many entities get it wrong. Commented Jun 2, 2022 at 12:25
  • Downloading and flashing the USB stick from a known-good machine on a (presumably) uncompromised network should be enough. But yes, every one of your machines that shared a network with a compromised machine is possibly compromised itself. Commented Jun 2, 2022 at 13:07
  • Note that there have been documented cases of attackers modifying update tools to claim that they successfully applied a firmware update but only actually change the version number without doing anything else. But I wouldn't expect that to be a common case. Commented Jun 3, 2022 at 14:02
  • Though I wouldn't really have peace of mind that flashing the BIOS will get rid of malware installed in said BIOS (as malware could have tampered with the flashing code in it, and thus just fake flashing, or allow flashing and reinstall itself afterwards). The only way to be sure really is to nuke it from orbit (or at least desolder the chips and reprogram them in an external programmer). Commented Jun 4, 2022 at 13:47
