Robin’s Newsletter #247

12 March 2023. Volume 6, Issue 11
BlackLotus malware can circumvent Secure Boot, infect UEFI. The FBI has been buying US citizens' location data. People are better at identifying fake news if you pay them.

This week

BlackLotus UEFI rootkit

  • Researchers from ESET announced on Wednesday that they’ve identified malware that’s able to circumvent Secure Boot. The malware targets UEFI (Unified Extensible Firmware Interface) — the code that runs when you first power your computer — and can disable advanced protections built into the most recent versions of Microsoft Windows.
  • To be successful, the attackers first need administrator access to the device; Secure Boot is then circumvented using CVE-2022-21894. By hiding in the UEFI, the malware isn’t visible to typical security tools, and it also has privileged access to all of the device’s functions.
  • Unlike previous UEFI malware, which you could thwart by enabling Secure Boot, BlackLotus does not persist after reinstalling the operating system. In future, I’d expect to see this change, making it difficult to remove an infection (the type of persistent access that intelligence agencies covet). This technique may prove attractive to ransomware gangs, who could hold the devices hostage, forcing victims to decide between paying up and replacing their entire fleet of devices.

The FBI is buying location data, avoiding getting a warrant

  • The Federal Bureau of Investigation has admitted that it has previously purchased location data on US people, rather than following the process of obtaining a warrant for the information, in a move that privacy experts say is ‘deeply problematic’.
  • A ruling previously determined that purchasing location data — typically from brokers and advertisers who hoover up the information from free apps — violated the Fourth Amendment’s guarantee against unreasonable searches. A loophole allows the purchase of data from commercial sources that the FBI, and other government agencies, would otherwise not ‘lawfully’ be able to obtain using a warrant.

Interesting stats

People are better at identifying misinformation if you offer them a small incentive: a control group accurately identified 10.4/16 headlines as true or misinformation, increasing to 11/16 when a minimal payment incentive was offered, according to researchers from the University of Cambridge.

Other newsy bits

And finally

Robin
