Cyberattackers are Knocking; Secure the Front Door with BIOS Verification

As Advanced Persistent Threats Rise, Dell’s BIOS Verification Approach Is the Secure Way Forward

Everyone can relate to the experience of booting up a computer – hitting the power button, hearing the startup sound, and ultimately seeing the home screen appear. But even some tech professionals may not be aware of what’s happening under the surface.


When the CPU is booted up, the first thing it does is communicate with the flash memory on the motherboard to fetch a piece of code called the Basic Input Output System (BIOS). The BIOS’s job is to initialize the motherboard components, chipset and other hardware in the system. The BIOS on modern systems is based on the UEFI specification; however, for the purposes of this post we will use the more general term BIOS to refer to this system firmware.

This piece of code is highly privileged and trusted by the computer. It’s the first link in the chain of trust that extends from system reset to your applications, e-commerce transactions and everything else you do on your machine. For cybercriminals, this privileged role makes it an enticing target.

If a cybercriminal is able to leverage a vulnerability that gives them BIOS-level privilege, they could target your motherboard and potentially cause your OS and hardware components to malfunction. Privilege at this level can be difficult to remediate by traditional methods, because the BIOS sits beneath the OS layer: BIOS malware has been shown to persist across hard drive wipes, OS reinstalls and other usual means of eradication.

For these reasons, the BIOS serves as the foundation of other security layers, and protecting it is a vital part of a defense-in-depth strategy. OEMs, security vendors and IT pros employ a variety of methods to protect the BIOS. And as Cylance Principal Research Scientist Alex Matrosov discussed in a recent Black Hat presentation, Dell’s strategy is among the most comprehensive, including BIOS Lock Enable (BLE), SMM BIOS Write Protection (SMM_WP) and numerous other methods of BIOS protection that our competitors either don’t offer at all or don’t offer to the level of sophistication that Dell does.

Another technology that sets us apart from other OEMs is our BIOS verification approach.

BIOS verification tests the integrity of the BIOS before it executes, and can restore a known good copy when necessary. The difference from other vendors is that we use a secure cloud environment to compare and test an individual BIOS image against the official measurements held in the Dell BIOS lab. By conducting this test in an off-device environment, users can be assured that the post-boot image is not compromised, since the testing takes place in a secure cloud platform rather than on a potentially infected device.

Some OEMs have tried to take a self-contained approach to verification by including a shadow copy of the BIOS on the motherboard and pre-boot code that checks the BIOS against the shadow copy. The problem with this method is that the “known good” BIOS copy lives on the potentially compromised hardware. So if cybercriminals have tampered with the copy to match the compromised BIOS, it becomes difficult to see that an attack has even happened.

Dell’s approach addresses these challenges in a more reliable way, employing a level of security that will detect modification to the BIOS even if a cyberattacker has gained physical control of the motherboard.
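The following Python model, added here for illustration and not Dell’s own code, contrasts the two verification strategies described above: a self-contained check against a shadow copy stored on the same flash part, and a check against a reference measurement held off the device. The flash layout, image bytes, version string and SHA-256 measurement are all constructed assumptions; the point is that once the reference lives on hardware the attacker can write to, the on-device check reports a clean image even after tampering.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Flash:
    """Constructed model of an SPI flash part holding the BIOS and an on-board shadow copy."""
    bios: bytes
    shadow: bytes


def measure(image: bytes) -> str:
    """Measurement of a BIOS image: a SHA-256 digest over the whole region (assumed scheme)."""
    return hashlib.sha256(image).hexdigest()


# Constructed stand-ins for a released BIOS image and the reference the vendor's lab keeps off-device.
GOOD_BIOS = b"CONSTRUCTED-BIOS-IMAGE-v1.2.3" + bytes(range(256)) * 4
LAB_REFERENCE = {"1.2.3": measure(GOOD_BIOS)}


def verify_on_device(flash: Flash) -> bool:
    """Self-contained check: compare the BIOS against the shadow copy on the same flash part."""
    return measure(flash.bios) == measure(flash.shadow)


def verify_off_host(flash: Flash, version: str, reference: dict) -> bool:
    """Off-host check: compare the measurement against a reference the device cannot modify."""
    return measure(flash.bios) == reference.get(version)


def tamper(flash: Flash, patch: bytes) -> Flash:
    """Model of tampering by someone with write access to the flash part: the BIOS region is
    modified and, because the shadow copy sits on the same part, it is rewritten to match."""
    modified = flash.bios[:32] + patch + flash.bios[32 + len(patch):]
    return Flash(bios=modified, shadow=modified)


def run_scenario() -> dict:
    """Run both checks on a clean and a tampered device; returns verifier verdicts by case."""
    clean = Flash(bios=GOOD_BIOS, shadow=GOOD_BIOS)
    compromised = tamper(clean, b"CONSTRUCTED-CHANGE")
    return {
        "clean_on_device": verify_on_device(clean),
        "clean_off_host": verify_off_host(clean, "1.2.3", LAB_REFERENCE),
        "tampered_on_device": verify_on_device(compromised),  # passes: false negative
        "tampered_off_host": verify_off_host(compromised, "1.2.3", LAB_REFERENCE),  # fails: detected
    }


if __name__ == "__main__":
    for case, ok in run_scenario().items():
        print(f"{case}: {'PASS' if ok else 'FAIL'}")
```

The model deliberately ignores how the measurement is transported to the off-host service; in practice that channel also has to be trusted, which is why the measurement is taken before the BIOS executes rather than by the running OS.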

The combination of data encryption and advanced threat prevention in one security suite with the added security of off-host BIOS verification provides a three-tier approach for securing data and ensuring overall system security and integrity both above and below the OS. This feature is available on all Dell commercial PCs running Intel 6th generation processors or higher with a Dell Endpoint Security Suite Enterprise license.

The only thing evolving as quickly as today’s workforce is the cyber threats it faces. BIOS is the foundation for your most precious data and cyberattackers are knocking – will you be protected? Learn more about keeping your Dell BIOS up to date in our knowledge base article.

About the Author: Chris Burchett

Chris Burchett is Vice President of Client Security Software at Dell. In this role, he is responsible for the engineering and delivery of the Dell Data Security portfolio of solutions including Dell Encryption, Dell Data Guardian and Dell Endpoint Security Suite Enterprise. Chris also works with technology and business leaders across Dell to determine security product, technology and architecture strategy for Dell’s future security products for areas such as Advanced Threat Protection, Next Generation Data Protection, Encryption, Key Management, Security Analytics, Data Discovery, Data Classification and other related areas. Chris was the founding technology leader and served as Chief Technology Officer of Credant Technologies, which was acquired by Dell in 2012.