Question Can BIOS Virus be transmitted outside of BIOS update?

[Justcicia]

İyi günler. BIOS virüsü hakkında bilgi edinmek istiyorum ve bu yüzden bana bu forumu önerdiler. Şimdi birkaç sorum var:
-Can BIOS viruses be transmitted outside of a BIOS update?
And if this BIOS virus infects disks or usb or connected devices from BIOS:
-Can it jump directly to the BIOS of the devices?

-Can it infect the BIOS without an update?

-Can it throw itself into the BIOS with an update?

-Can it update the BIOS when it looks like a normal file and opens it?

-Ya da normal bir dosyaya rastladığımızda ve o dosyayı çalıştırdığımızda, çalıştırmasak bile, o dosyayı çalıştırdığımız için BIOS'u güncelleyerek virüs bulaşabilir mi? En doğru bilgiyi almak istiyorum, bu yüzden bu işte gerçekten uzman biri yardımcı olabilirse sevinirim.

 

[Justcicia]

Actually, I don't really have a problem. I wrote this above, in case it exists because of what I wrote in one of my messages, but if I don't understand or if the virus doesn't make me notice. @hotaru.hino

 

[hotaru.hino]

So to summarize everything here:

Can a virus infect BIOS?
Only if it's targeting it. However, while BIOS can be updated from the OS (I get firmware updates for my laptops via the OS's update mechanism), I'm not sure how easy it actually is for a virus to infect it. Also a virus can't do much unless it gains elevated privileges, which in Windows is when a UAC prompt shows up.

The most common way to infect BIOS is to trick someone into installing an already infected update file.

Can I detect if a virus has infected BIOS?
If the BIOS is already infected, probably not since most antivirus software won't or can't scan the actual BIOS on the assumption it's safe. It might be able to detect an infected update file though.

Will a virus in BIOS infect other hardware?
Only if that's part of what it does. But a virus won't, for example, move out of the BIOS into something else to hide or something. As mentioned, BIOS is relatively safe from antivirus scanning, so there's no need to move out of it.

How can I make sure I won't get a BIOS infection?
Make sure you get BIOS from trusted sources, such as the manufacturer of the motherboard or through an OS update mechanism.

Also if you have Secure Boot enabled (if your system supports it), then this requires a BIOS that is properly signed to be used. "Properly signed" means the BIOS has been vetted by a trusted authority. Infected BIOSes won't go through this vetting process so Secure Boot will prevent them from being used.

If I have an infected BIOS, how can I get rid of it?
You have to assume the virus disabled the update feature, which would get rid of it because the update feature completely wipes out the BIOS for the new version. So the only way to get rid of it is to remove the chip the BIOS is on with a new one.

Overall though...
Don't update BIOS unless you actually have a need to do so. Doing this will basically prevent infections since as mentioned before, the most common way to infect BIOS is to trick you into installing an already infected one.

 

[Justcicia]

1. So it doesn't matter if secure boot is turned on on a device infected with BIOS virus?



2.Does it infect other devices? In the title "Only if it's part of what he's doing." you wrote. What exactly are you trying to say here?


3.Can the BIOS virus be completely removed with the update? Most people I asked said they weren't deleted for various reasons.


4. And what can this BIOS virus do when it infects me? @hotaru.hino

 

[hotaru.hino]

1. So it doesn't matter if secure boot is turned on on a device infected with BIOS virus?

Secure boot can't save you if the device is already infected.

2.Does it infect other devices? In the title "Only if it's part of what he's doing." you wrote. What exactly are you trying to say here?

What a virus does can vary. Having a virus doesn't automatically mean it infects other things or it wipes your hard drive or whatever. It's like saying having a cold virus also destroys your kidneys because you have "a virus." It just depends on what the virus actually does.

3.Can the BIOS virus be completely removed with the update? Most people I asked said they weren't deleted for various reasons.

If the virus actually lets the update mechanism go through, then yes.

4. And what can this BIOS virus do when it infects me? @hotaru.hino

Either replace the BIOS chip with a compatible one or get a new motherboard.

And you should assume the OS is also compromised so you shouldn't boot into it. I would say plug the storage drive in using an external USB adapter, preferably into different type of OS (so if the drive is Windows based, boot into Linux), and wipe the drive from there.

 

[Justcicia]

1. I did the update and it completed successfully. When the system restarted, I went into the BIOS and saw that a setting I made was back to default. Has the update taken place? And some said that as soon as it was deleted for sure. Will it be deleted for sure or is there a possibility that it will not be deleted?



I don't think I can change it because it's a laptop.

And not which ones it affects,

Can it steal data from me?

Can it access my microphone or camera? etc. Can you do things like @hotaru.hino

 

[ex_bubblehead]

OK, this has gone on long enough. @Justcicia unless you have some proof of a virus living in your BIOS it is highly unlikely that it is infected. In the unlikely event that one does then destroy that motherboard and get a new one.

Closing this now.