‘Hacking Team used UEFI rootkit for spyware’
The controversial Hacking Team used a UEFI rootkit to keep its spyware present on a target system permanently. This means that reinstalling the operating system, or even replacing the hard drive, did not remove the spyware.
Security firm Trend Micro discovered that Hacking Team developed a way to abuse the firmware of BIOS manufacturer Insyde, which is used by HP, Dell and Lenovo, among others. The code probably also worked with firmware from competitor American Megatrends Incorporated. It is not clear whether the technique still works against current firmware from either manufacturer.
A leaked presentation from Hacking Team reveals that attackers most likely first needed physical access to the system they wanted to infect. Once they had it, Trend Micro said, they could use a Hacking Team tool to install the rootkit. The Italian company also provided support in cases where the BIOS was not compatible.
Trend Micro recommends that anyone who does not want to fall victim to BIOS rootkits turn on Secure Flash for UEFI. In addition, the BIOS should always be kept up to date with the latest firmware. It is also advisable to set a firmware password, on both UEFI systems and systems with an older BIOS.
The Italian Hacking Team, which provides software to governments for monitoring suspects, was itself hit by an attack last week, with significant consequences. Hacking Team suspects that it was hacked by a government, but to this day that has not been confirmed.