- Jul 22, 2014
- 2,525
Intel Security, soon to be rebranded as McAfee again, released on Wednesday a scanner that can identify hidden EFI firmware rootkits.
Intel said it decided to release the scanner after the recent WikiLeaks Vault 7 dump, which contained documentation files and manuals on hacking tools stolen from the CIA.
CIA working on EFI rootkits for Apple computers
The WikiLeaks Vault 7 documents revealed the CIA was working on two EFI rootkits at the time the files were stolen (allegedly by contractors and hackers).
The first project is named DerStarke, which the CIA describes as an "Apple EFI implant via flash unlock," while the second is named QuarkMatter, and is an "Apple EFI implant via EFI system partition."
While there's a little more information on the first, the second project appears to have been under active development, as the only information on QuarkMatter was a project objective:
Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant.
EFI/UEFI stands for "Unified Extensible Firmware Interface," and is a specification evolved from the old BIOS standard. Its role is the same, which is to assist with the initialization of hardware components while booting up the operating system.
........
Intel said it decided to release the scanner after the recent WikiLeaks Vault 7 dump, which contained documentation files and manuals on hacking tools stolen from the CIA.
CIA working on EFI rootkits for Apple computers
The WikiLeaks Vault 7 documents revealed the CIA was working on two EFI rootkits at the time the files were stolen (allegedly by contractors and hackers).
The first project is named DerStarke, which the CIA describes as an "Apple EFI implant via flash unlock," while the second is named QuarkMatter, and is an "Apple EFI implant via EFI system partition."
While there's a little more information on the first, the second project appears to have been under active development, as the only information on QuarkMatter was a project objective:
Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant.
EFI/UEFI stands for "Unified Extensible Firmware Interface," and is a specification evolved from the old BIOS standard. Its role is the same, which is to assist with the initialization of hardware components while booting up the operating system.
........
