#INSYDE BIOS UPDATE HACK INSTALL#
To install the RCS UEFI rootkit, an attacker must reboot the system into the UEFI shell, extract the firmware, write the rootkit to the dumped image and then flash it back to the system, the Trend Micro researchers said. Even so, most antivirus vendors detect the highly intrusive software, which is known as Remote Control System (RCS) or Galileo, as malware. Hacking Team refers to its surveillance software as “the hacking suite for governmental interception” and claims to sell it only to government agencies. Gaining temporary physical access to some computers wouldn’t be a big problem for government agencies, because many countries have laws that allow the inspection of laptops and other devices at their borders. For the past week, security researchers and journalists have been sifting through the data uncovering malware source code, client lists, exploits for unpatched vulnerabilities and more information.Ī Hacking Team slideshow presentation suggests that installing the UEFI rootkit requires physical access to the target computer, but remote installation can’t be ruled out, the Trend Micro researchers said. Trend Micro found details about the UEFI rootkit in the more than 400GB worth of files and emails that were leaked recently from Milan-based Hacking Team by a hacker. AMI BIOS refers to firmware developed by American Megatrends, a long-time BIOS market leader.
“However, the code can very likely work on AMI BIOS as well,” the Trend Micro researchers said in a blog post. Hacking Team developed a method for infecting the UEFI firmware developed by Insyde Software, a Taiwanese company that counts Hewlett-Packard, Dell, Lenovo, Acer and Toshiba among its customers, according to security researchers from antivirus vendor Trend Micro.