AMIBIOS Source Code and AMI's UEFI Signing Key Leaked

Discussion in 'News' started by btarunr, Apr 7, 2013.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,260 (11.35/day)
    Thanks Received:
    13,586
    Location:
    Hyderabad, India
    A publicly accessible FTP server in Taiwan leaked the source code of AMI Aptio UEFI BIOS, including AMI's unique UEFI signing test key. The utterly irresponsible act of holding such sensitive data on public FTPs is suspected to have been committed by motherboard vendor Jetway. In doing so, the company may have compromised the security of every motherboard (across vendors) running AMI Aptio UEFI BIOS. Most socket LGA1155 and FM2 motherboards, and some socket AM3+ motherboards, run AMI Aptio.

    The leaked bits of software include the source code of AMI BIOS, Aptio, and AMI's UEFI test signing key, which is used by all its clients to sign their BIOS updates. Signing ensures that BIOS updating software verifies the update is genuine, and coming from the motherboard manufacturer. With this key out, malware developers can develop malicious BIOS updates, hack motherboard vendors' customer support websites, and replace legitimate BIOS updates with their malicious ones. Control over the system BIOS could then give hackers access to most ring-0 OS functions.

    "By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated & installed for the vendor's products that use this firmware. If the vendor used this same key for other products - the impact could be even worse," writes Adam Caudill, who, along with Brandon Wilson, discovered the open FTP server. "This kind of leak is a dream come true for advanced corporate espionage or intelligence operations. The ability to create a nearly undetectable, permanent hole in a system's security is an ideal scenario for covert information collection," he added.

    Source: Adam Caudill's Blog
    Last edited: Apr 7, 2013
  2. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,354 (6.30/day)
    Thanks Received:
    3,367
    Location:
    IA, USA
    Look on the bright side: this may mean BIOS can be updated to eliminate secure boot (aka DRM).
    Last edited: Apr 7, 2013
    Jack Doph, hellrazor, KieX and 4 others say thanks.
    Crunching for Team TPU
  3. The Von Matrices

    The Von Matrices

    Joined:
    Dec 16, 2010
    Messages:
    1,166 (0.88/day)
    Thanks Received:
    359
    I guess people with Samsung laptops can now finally use them with operating systems other than Windows.
    hellrazor, _JP_ and lemonadesoda say thanks.
  4. cdawall where the hell are my stars

    Joined:
    Jul 23, 2006
    Messages:
    20,656 (7.05/day)
    Thanks Received:
    2,972
    Location:
    some AF base
    Go jetway!
    hellrazor, _JP_ and 1c3d0g say thanks.
  5. spectatorx

    Joined:
    May 4, 2011
    Messages:
    49 (0.04/day)
    Thanks Received:
    5
    "Malicious firmware/bios/uefi" a.k.a. firmware/bios/uefi allowing the user to do with a bought device anything the user wishes to.
  6. Frick

    Frick Fishfaced Nincompoop

    Joined:
    Feb 27, 2006
    Messages:
    10,436 (3.39/day)
    Thanks Received:
    2,118
    Or, you know, allowing people to install serious malware.
    Fierce Guppy says thanks.
  7. Animalpak

    Animalpak

    Joined:
    Feb 8, 2008
    Messages:
    2,074 (0.88/day)
    Thanks Received:
    542
    So maybe the virus can now be inside the motherboard, no longer on the hard disk?

    And then how do you clean the motherboard BIOS? Buying a new one?
  8. _JP_

    _JP_

    Joined:
    Apr 16, 2010
    Messages:
    2,681 (1.71/day)
    Thanks Received:
    734
    Location:
    Portugal
    Yes, it WILL be in the motherboard, not the HDD.
    No. You just have to remove the infected chip and install a clean one, or just reprogram (with an external programmer) the infected one, just like in the CIH days.
  9. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (5.08/day)
    Thanks Received:
    5,615
    Location:
    Cheeseland (Wisconsin, USA)
  10. theoneandonlymrk

    theoneandonlymrk

    Joined:
    Mar 10, 2010
    Messages:
    3,357 (2.09/day)
    Thanks Received:
    552
    Location:
    Manchester uk
  11. Sabishii Hito

    Joined:
    Jun 27, 2010
    Messages:
    78 (0.05/day)
    Thanks Received:
    6
    I forgot AMI's HQ was only about 20 minutes away from where I live.
  12. Ferrum Master

    Ferrum Master

    Joined:
    Nov 18, 2010
    Messages:
    539 (0.40/day)
    Thanks Received:
    110
    Location:
    Rīga
    Good news... I hated that thing... DRM is a double-edged sword that is implemented in a very wrong fashion... shoo shoo get lost... I want to really own the device I buy, not just borrow it...
  13. syeef

    Joined:
    Jul 5, 2008
    Messages:
    287 (0.13/day)
    Thanks Received:
    68
  14. Rebel333 New Member

    Joined:
    Jan 12, 2011
    Messages:
    29 (0.02/day)
    Thanks Received:
    6
    This might be excellent news. Does this mean we are going to see more customizable BIOS, such as adding memory timings, overclocking CPU, GPU, changing voltages, etc. in Samsung laptops?
  15. cadaveca

    cadaveca My name is Dave

    Joined:
    Apr 10, 2006
    Messages:
    13,774 (4.54/day)
    Thanks Received:
    6,858
    Location:
    Edmonton, Alberta
    Nope.


    I've got AMI UEFI editing tools. I posted I had them many months ago.


    When you go to update BIOS, the BIOS is checked if it is "official" BIOS. This is the mechanism that prevents you from flashing BIOS from a different product to your board.


    So, now, someone could write "I LOVE SPAGETTINI" a billion times, and your board would flash it to the BIOS chip, thinking it was a BIOS.


    And I got my software off of Jetway's FTP as well. This is hardly new news, honestly. Jetway's FTP was open for a long, long time (literally years), as was ASUS's (again, years, you can find lots of posts about it), and several other board makers'. Today, all these FTPs are blocked from open public access.


    Seems like Adam Caudill was just looking for some traffic! Publicly leaking that key and other info is very much a dick move.
    _JP_, Kalevalen, Jack Doph and 2 others say thanks.
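
The update signature check described in the opening post and in cadaveca's reply above, as an added Python example that is not part of the thread and is not AMI's or any vendor's code. The toy RSA keys, the firmware bytes and the trusted/revoked lists are constructed assumptions; the example shows that an image signed with a shared test key keeps validating until the updater revokes that key.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def make_key(p, q):
    """Toy RSA key from two Mersenne primes; constructed, trivially factorable, demo only."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def fingerprint(n):
    """Identify a signer by SHA-256 of its public modulus."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def digest_int(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(image, key):
    """Vendor side: unpadded RSA over SHA-256(image). Real signing uses a padded scheme."""
    return pow(digest_int(image), key["d"], key["n"])

def check_update(image, signature, signer_fp, trusted, revoked):
    """Updater side: return (accepted, reason). Revocation is checked before the math."""
    if signer_fp in revoked:
        return False, "signer key revoked"
    n = trusted.get(signer_fp)
    if n is None:
        return False, "unknown signer"
    if pow(signature, E, n) != digest_int(image):
        return False, "bad signature"
    return True, "ok"

# Constructed stand-ins: a shared test key and a vendor's own production key.
TEST_KEY = make_key(2**521 - 1, 2**607 - 1)
PROD_KEY = make_key(2**1279 - 1, 2**2203 - 1)
TEST_FP, PROD_FP = fingerprint(TEST_KEY["n"]), fingerprint(PROD_KEY["n"])
TRUSTED = {TEST_FP: TEST_KEY["n"], PROD_FP: PROD_KEY["n"]}

def demo():
    image = b"constructed firmware image v1.2"
    test_sig, prod_sig = sign(image, TEST_KEY), sign(image, PROD_KEY)
    return {
        "prod_signed": check_update(image, prod_sig, PROD_FP, TRUSTED, set()),
        "test_signed_before_revocation": check_update(image, test_sig, TEST_FP, TRUSTED, set()),
        "test_signed_after_revocation": check_update(image, test_sig, TEST_FP, TRUSTED, {TEST_FP}),
        "tampered": check_update(image + b"!", prod_sig, PROD_FP, TRUSTED, set()),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The signature math alone cannot tell who held the private key, which is why the revocation lookup runs first and why a vendor shipping with a shared test key in its trust list inherits any leak of that key.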
  16. Jorge

    Joined:
    Jan 5, 2013
    Messages:
    709 (1.24/day)
    Thanks Received:
    75
    It's sad and malicious that some companies are so callous.
  17. PopcornMachine

    PopcornMachine

    Joined:
    Aug 17, 2009
    Messages:
    1,563 (0.86/day)
    Thanks Received:
    459
    Location:
    Los Angeles/Orange County CA
    Well I guess no other human had done something incredibly insanely stupid today.

    Someone had to step up and do it.

    That's the problem with the keys and certificates and stuff. Good in theory, but you've got to consider the weakest link in the chain.

    Depresses me that I too am a member of this ignoble group.

    Ok, rant over. Have a nice day.
  18. Steven B

    Joined:
    Sep 4, 2005
    Messages:
    598 (0.18/day)
    Thanks Received:
    53
    There are some leaked tools out there already that will allow you to flash boards with a BIOS not for that board. However, this is great, because now vendors will have to one-up their security. I mean, do you guys think their security was so low that any motherboard maker could hack each other's UEFI? Some vendors don't allow such easy access to their UEFIs as they have to make up their own modules; for instance, memory OC profiles is a custom module, as is UEFI profile sharing, and other stuff like that. I mean, sure, there are some vendors who don't use much security, some very big ones too, but other vendors can put on good security, which will probably become even greater with this.

    I am sure AMI with their nice monopoly will do something about it.
  19. ironwolf

    Joined:
    Apr 6, 2011
    Messages:
    259 (0.21/day)
    Thanks Received:
    31
    Location:
    Pensacola, FL, USA, Earth
    The vendor had the following to say:

    [​IMG]
    syeef says thanks.
  20. MadMan007

    Joined:
    Jun 12, 2009
    Messages:
    139 (0.07/day)
    Thanks Received:
    18
  21. hkbeta New Member

    Joined:
    Apr 8, 2013
    Messages:
    3 (0.01/day)
    Thanks Received:
    1
    great article... or not

    Let me tell you something else. On a public FTP there is the source code for Windows 8. And on the same *public* FTP there is the complete source code for World of Warcraft (all of them). And on another public FTP you can find a program that lets you decrypt any encrypted ZIP and RAR file. And of course there's an FTP where you can find... never mind, I think you got the point.

    So TechPowerUp editors, please start and write about all of the above, no need for a link to the FTP, if I tell you it's true, then it's true. Or should I write this on a blog for you to believe me?
  22. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,647 (3.92/day)
    Thanks Received:
    11,389
    You can find the leaked AMI source code yourself, it's not that difficult.
  23. Baum

    Joined:
    Feb 16, 2005
    Messages:
    466 (0.13/day)
    Thanks Received:
    39
    Location:
    Germany,Hannover
    posting a link just poses more risk than use for tpu...
    use your giyf skills or you are wrong here anyway

    well i wasn't able to get the source code myself just to see it out of curiosity :rolleyes:
  24. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,260 (11.35/day)
    Thanks Received:
    13,586
    Location:
    Hyderabad, India
    www.google.com