
>BERSERKR is a persistent backdoor that is implanted into the BIOS and runs from SMM

Yeah, that sucks. The BIOS is never out of the picture thanks to the SMM. Intel should find an alternative solution for the minor functions provided by the SMM (APM, thermal management, etc.).

Also from wiki: "Due to this fact, it is a target for malicious rootkits to reside in,[10][11][12] including NSA's "implants"[13] which have individual code names for specific hardware, like SOUFFLETROUGH for Juniper Networks firewalls,[14] SCHOOLMONTANA for J-series routers of the same company,[15] DEITYBOUNCE for DELL,[16] or IRONCHEF for HP Proliant servers."

And using the TPM may not help you:

>TPM Vulnerabilities to Power Analysis and An Exposed Exploit to Bitlocker

"The ability to obtain a private TPM key not only provides access to TPM-encrypted data, but also enables us to circumvent the root-of-trust system by modifying expected digest values in sealed data. We will describe a case study in which modifications to Microsoft's Bitlocker encrypted metadata prevents software-level detection of changes to the BIOS"

Though it sounds like they need physical access to do this.



You know what the solution to this is? Replace your damn equipment all at the same time :). Just make sure to implement some good hygiene pretty quickly.

Attackers would have to go through the entire process of phishing you again to be able to do any rootkit level stuff again.



