BIOS Hack Detection Added To Dell Enterprise Security Suite

With millions of machines potentially vulnerable to attacks on their BIOS firmware, Dell has introduced a verification tool designed for enterprise IT to monitor users' machines and intervene if an attack is detected. The cloud-based tool takes a different approach than other BIOS offerings on the market.

Larry Loeb, Blogger, InformationWeek

February 9, 2016


Hacking a Basic Input/Output System (BIOS), the firmware that runs when a computer boots up, was once considered a capability strictly limited to the domain of secretive government agencies. But last year, security researchers found that millions of machines contain basic BIOS vulnerabilities that let anyone with moderately sophisticated hacking skills compromise and control a system surreptitiously, according to Wired.

On Feb. 4, Dell announced the availability of a cloud-based security tool designed to protect a computer's BIOS by verifying its integrity after bootup. The post-boot BIOS verification tool will be integrated on Dell commercial PCs with the purchase of the Dell Data Protection | Endpoint Security Suite Enterprise license. According to a Dell spokesperson, pricing is dependent on volume licensing.

The new tool will use a cloud-based environment to compare and test individual BIOS images against official images held by Dell in its BIOS lab. When deployed in an enterprise, the tool doesn't interfere with individual users' ability to boot their machines. Rather, if a problem is found, the customer's IT administrator will get an alert and the organization can choose how to handle it.


Here's how Dell described it in a prepared statement:

The new BIOS verification functionality uses a secure cloud environment to compare and test an individual BIOS image against the official measurements held in the Dell BIOS lab. By conducting this test in an off-device environment, users can be assured that the post-boot image is not compromised as the testing takes place in a secure cloud platform and not on a potentially infected device. The verification helps extend security throughout the entire device lifecycle and provides greater visibility for administrators wanting to stop malicious BIOS attacks.

The BIOS verification feature is initially available on Dell's commercial PCs with a 6th Generation Intel chipset. These include the Latitude PCs, recently announced at CES, as well as select Dell Precision, OptiPlex, and XPS PCs. Dell Venue Pro tablets will also get the BIOS check when the enterprise security suite is purchased.

In November 2015, Dell integrated artificial intelligence and machine learning technology from Cylance into its Dell Data Protection | Endpoint Security Suite Enterprise. The suite is available for Dell commercial PCs and can be used as a security tool across heterogeneous IT environments. Although the Cylance and BIOS tools are currently only available for Dell Data Protection | Endpoint Security Suite Enterprise customers, a Dell spokesperson told InformationWeek, "We are evaluating expanding this to a larger part of the Dell portfolio in the future."

Dell's Brett Hansen, executive director of data security solutions, said in a prepared statement, "With new malware variants possessing the ability to reinstall themselves within the BIOS, organizations need a more sophisticated way to know that their systems have not been compromised. Dell's unique post-boot BIOS verification technology for its commercial PCs gives IT the assurance that employees' systems are secure every time they use the device."

Hansen may be referring to the revelations that came out of the Hacking Team documents that were uncovered in July 2015. Trend Micro said at the time that "Hacking Team uses a Unified Extensible Firmware Interface (UEFI) BIOS rootkit to keep their Remote Control System (RCS) agent installed in their targets' systems. This means that even if the user formats the hard disk, reinstalls the OS, and even buys a new hard disk, the agents are implanted after Microsoft Windows is up and running."

Other efforts have been made to address this sort of PC vulnerability. Intel provides a system management tool that can protect the boot layer in PCs. Using this tool, administrators can remotely start a PC, fix the boot layer, and then shut down the PC. HP has included a secure boot tool in PCs, but it is aimed at individual users. Dell has extended these tools to the enterprise arena, where they have not been seen before.
