Help me understand what UTI means. I know you think the hack is dangerous, I just want to understand how it works. Thanks!
You know how when you boot the computer, before the Windows or Apple logo comes up, you can press F10 or F2 to go into your BIOS? That area is what is hacked.
That area is in charge of loading your Operating System, generating the randomness for even the most advanced encryption, and all other modern security measures. This BIOS / ETI / Firmware infection attacks the root of modern digital security.
The actual firmware of the system is pwned, which is independent of the hard drive and the RAM. A reinstall of your operating system is no longer a solution, throwing away the hard drive and RAM does nothing - once infected the system is lost forever.
The BIOS is loaded before your antivirus or malware protection, before your operating system, before anything that can protect you. It can then take that very small malware infection and install a gigantic, infinitely complex virus on your hard drive and then tell your computer that the entire infected area of your hard drive does not exist, or is empty, so that no antivirus can ever find whatever complex infection you produce.
Do you want to scan a system for strings that look like bitcoin keys or SHA keys or whatever encryption? Done. You could monitor the keyboard itself, or monitor the USB data stream, and the operating system (much less the AV) would never even know.
Do you want to wipe a hard drive clean, or change existing data in a database without generating a transaction, or turn off the cooling fans on a room full of servers? Done. No more need to hide the code, no more antivirus signatures catching the infection, the AV thinks it is just empty space. The possibilities are endless, this is a new world.
Whatever infects this BIOS / firmware / EFI area first owns the system - and from what I could make of the highly fragmented stream, it appears this can be done on Mac products straight out of the box - meaning you don't have to visit an infected link - you can be proactively targeted and attacked.
Macs run on the same underlying Intel architecture as PCs, so if they can do it on an out-of-the-box MacBook, they can do it on anything. The idea is that they can infect the firmware of a system, and that hardware wallets and bootable CDs rely on security that would be loaded after the infected firmware has already hidden whatever virus the attacker can dream up.
It makes attackers' lives soooooo much easier: no more obfuscating code, no more worrying if your virus gets caught by an AV vendor and its signature added to the AV community products. You could name your virus "Virus", have it run a keylogger and save the keystrokes to disk, and hide all of that obvious stuff from antivirus by using that BIOS infection to mark yourself off a little space anywhere in memory or on disk that is simply not available to the operating system to interrogate. Nothing can see what your virus is doing once you have owned the firmware that loads before any of the security stuff on the market today.
Antivirus can't even scan memory well. We are a very long way from protecting the BIOS.
I have been saying UTI - it is called EFI on Macs. The outcome is the same, but I must have crossed a mental wire on infection names.
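The reply above argues that a firmware implant can carve out disk space that the operating system never sees. One cheap defensive check is to compare the partition table against the disk's usable range and flag unallocated gaps, since hidden storage on the disk still has to live somewhere. The Python below is an added example, not code from this thread: it parses a GPT partition table from raw bytes and reports unallocated LBA ranges larger than a threshold. The disk image, partition names and sizes are constructed in memory for the demo (only the primary GPT header and entry array are built), and the CRC32 fields are not validated.

```python
"""Find unallocated LBA ranges in a GPT partition table (added example).

Assumptions: 512-byte sectors, primary GPT header at LBA 1, and a disk image
that is at least long enough to hold the partition entry array. The demo
image built by build_demo_image() is constructed here, not a real disk.
"""
import struct
import uuid

SECTOR = 512
# Well-known GPT partition type GUIDs (UEFI spec / Linux discoverable partitions).
ESP_TYPE = "C12A7328-F81F-11D2-BA4B-00A0C93EC93B"
LINUX_FS_TYPE = "0FC63DAF-8483-4772-8E79-3D69D8477DE4"


def parse_gpt(image: bytes):
    """Return (first_usable_lba, last_usable_lba, [(name, first, last), ...])."""
    hdr = image[SECTOR:SECTOR + 92]
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT signature at LBA 1")
    # Header fields after the signature: revision, header size, CRC32, reserved,
    # MyLBA, AlternateLBA, FirstUsableLBA, LastUsableLBA.
    (_rev, _hsize, _crc, _res, _my_lba, _alt_lba,
     first_usable, last_usable) = struct.unpack_from("<IIIIQQQQ", hdr, 8)
    # Offset 72: PartitionEntryLBA, NumberOfPartitionEntries, SizeOfPartitionEntry.
    entries_lba, n_entries, entry_size = struct.unpack_from("<QII", hdr, 72)
    base = entries_lba * SECTOR
    parts = []
    for i in range(n_entries):
        e = image[base + i * entry_size: base + (i + 1) * entry_size]
        if e[:16] == b"\x00" * 16:
            continue  # all-zero type GUID means an unused entry
        first, last = struct.unpack_from("<QQ", e, 32)
        name = e[56:128].decode("utf-16-le").rstrip("\x00")
        parts.append((name, first, last))
    parts.sort(key=lambda p: p[1])
    return first_usable, last_usable, parts


def find_gaps(first_usable, last_usable, parts, min_sectors=2048):
    """Return (start_lba, end_lba) ranges inside the usable area that no
    partition covers. Small alignment gaps below min_sectors are ignored."""
    gaps = []
    cursor = first_usable
    for _name, first, last in parts:
        if first - cursor >= min_sectors:
            gaps.append((cursor, first - 1))
        cursor = max(cursor, last + 1)
    if last_usable - cursor + 1 >= min_sectors:
        gaps.append((cursor, last_usable))
    return gaps


def _entry(type_guid: str, name: str, first: int, last: int) -> bytes:
    """Build one 128-byte GPT partition entry (constructed demo data)."""
    e = bytearray(128)
    e[0:16] = uuid.UUID(type_guid).bytes_le
    e[16:32] = uuid.uuid5(uuid.NAMESPACE_DNS, name).bytes_le  # deterministic unique GUID
    struct.pack_into("<QQQ", e, 32, first, last, 0)          # first LBA, last LBA, attributes
    e[56:128] = name.encode("utf-16-le").ljust(72, b"\x00")
    return bytes(e)


def build_demo_image() -> bytes:
    """Constructed image: protective MBR sector (zeroed), GPT header, entry array.
    Two partitions with a deliberate 10240-sector hole between them."""
    n_entries, entry_size, entries_lba = 128, 128, 2
    first_usable = entries_lba + (n_entries * entry_size) // SECTOR  # LBA 34
    last_usable = 65502  # 32 MiB disk minus the backup GPT at the end
    hdr = bytearray(SECTOR)
    hdr[0:8] = b"EFI PART"
    struct.pack_into("<IIIIQQQQ", hdr, 8, 0x00010000, 92, 0, 0, 1, 65535,
                     first_usable, last_usable)
    hdr[56:72] = uuid.uuid5(uuid.NAMESPACE_DNS, "demo-disk").bytes_le
    struct.pack_into("<QII", hdr, 72, entries_lba, n_entries, entry_size)
    table = bytearray(n_entries * entry_size)
    table[0:128] = _entry(ESP_TYPE, "EFI System", 2048, 10239)
    table[128:256] = _entry(LINUX_FS_TYPE, "Linux root", 20480, last_usable)
    return bytes(SECTOR) + bytes(hdr) + bytes(table)


if __name__ == "__main__":
    first, last, parts = parse_gpt(build_demo_image())
    for name, a, b in parts:
        print(f"{name:12s} LBA {a}-{b}")
    for a, b in find_gaps(first, last, parts):
        print(f"unallocated  LBA {a}-{b} ({(b - a + 1) * SECTOR // 1024} KiB)")
```

On a real system the same parser can be pointed at the first few sectors of a block device; a gap is only a lead, not proof of an implant, since installers leave alignment slack and some vendors reserve recovery space. It also says nothing about the firmware itself: checking that requires comparing a dump of the SPI flash against a vendor baseline or relying on measured boot, which this thread does not cover.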