BIOS needs stronger security, say researchers

NIST researchers call for digital signatures for BIOS updates

Stewart Mitchell
12 May 2011

The computer industry must build better security into the boot process to create safer systems, according to the US's National Institute of Standards and Technology (NIST).

The basic input/output system (BIOS) in a computer is especially at risk because of the central role it plays within the PC, according to the NIST engineers working on the project.

“Unauthorised modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture,” NIST said.

“A malicious BIOS modification could be part of a sophisticated, targeted attack on an organisation, either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware).”

As a result, the institute has called for manufacturers and BIOS creators to use a series of measures that it claims would enhance security from the bottom up.

Primarily, NIST demanded that ID verification features be built into the BIOS to help protect it from attackers.

Hackers could currently abuse the access routes that are built into systems so that manufacturers can update system firmware, fix bugs, patch vulnerabilities and support new hardware.

“The guidance calls for using cryptographic digital signatures to authenticate the BIOS updates before installation,” NIST said.
