Social Icons

Sunday, January 31, 2016

Detecting Firmware Infection : Prelim start@Google's VIRUSTOTAL

1.   The severity in cases where firmware is already infected at the time of first purchase by the user is now being realized over the years. Be it the Dell server case , Seagate firmware case , Equation Group , Proof of Concept for even Macs , NSA revelations by Snowden and the list is pretty long to workout.Over various discussions and forums I read across I could never get any kind of implementing a solution to detect a threat at the firmware level not before I read about about the first such attempt via Google VirusTotal.

2.   Google’s VirusTotal service has come-out with a new tool that analyzes firmware, the low-level code that bridges a computer’s hardware and operating system at startup. The new tool will label firmware images as either legitimate or suspicious. It can also extract certificates attached to firmware and if there are other executable files inside of it. The tool can extract portable executables (PEs) inside firmware since these could sometimes be a source of malicious behavior. 

“These executables are extracted and submitted individually to VirusTotal, such that the user can eventually see a report for each one of them and perhaps get a notion of whether there is something fishy in their BIOS image,” Santos wrote. 


3.   It will now be possible for people to extract their own firmware and submit it to VirusTotal, which has the potential to create a database of various firmware images that could contribute to research into bad ones. 

4.    No details could be fetched across of how it actually works.But happy about there being a kind of first.More options wil arise after this circulates around and we have a secure eco-system of web.