NSA hacked Dell PowerEdge server BIOS

NSA hacked Dell PowerEdge server BIOS

Summary: The latest NSA leak describes DEITYBOUNCE, a tool for flashing malicious BIOS on Dell servers. The doc is from 2007 and such attacks would be much harder now.

TOPICS: Security, Dell

Latest to leak from the NSA files of Edward Snowden is a description of DEITYBOUNCE, which the document says "provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads." The image of the document is embedded below.

The attack, as described, is performed manually with a USB key, apparently utilizing Autorun bugs made infamous by Stuxnet. Once implanted in the system BIOS the tool will drop the payload in the host OS at boot time.

The document is dated January 2007 (same as the iPhone hack document), and the attacks described in it are certainly much more difficult, if at all possible today. The specific attacks clearly won't work, as they are targeted at "Microsoft Windows 2000, 2003, and XP. It currently targets Dell PowerEdge 1850/2850/1950/2950 RAID servers, using BIOS versions A02, A05, A06, 1.1.0, 1.2.0, or 1.3.7."

Even if the NSA went to the trouble of updating the attacks for minor changes in operating systems and firmware, current technologies have the ability to thwart this form of attack. UEFI (Unified Extensible Firmware Interface), along with Secure Boot apply a PKI-based authentication system for code running on the computer. Unless they had access to the keys, the NSA shouldn't be able to flash malicious BIOS on a system so-equipped. Dell and Microsoft have supported UEFI and secure boot for many years. System certification for Windows 8 actually requires UEFI and secure boot to be enabled by default using a Microsoft private key.

Hat tip to security legend Bruce Schneier.



Topics: Security, Dell

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Hmm

    Wonder if this was as successful as their 100% success rate hack against apple products?
    • It shows that the NSA wants to get inside Dell gear

      Even though the document is old, it shows the NSA's intention.

      The NSA wants to get inside Dell computer equipment. It leaves no doubt that the NSA will still be trying to get inside Dell computer equipment, even if it has to use different means today.

      Either the NSA uses different methods, or maybe one of these tech companies has given the NSA the key to the door.

      Do you think famous American tech companies would do such a thing, and give the NSA the keys?

      Yes. We've already seen it before. Microsoft gave the NSA its keys:
      • True

        And remember, these servers aren't replaced half as often as a desktop or tablet equivalent.
    • USA gov= fascists

      "experts say NO to the US government" USgovNo!
      don't work for bloody money, for evil, for murderers, for liars = USA government
      you're helping evil, work for good purposes, not just for money dirty from blood
      Jiří Pavelec
  • 10 years from now...

    So the question is this: 10 years from now will we be lamenting how the NSA destroyed the American tech sector (and a huge portion of the U.S. economy) by fostering fear and loathing of us tech products and technology? I used to think that the damage that Al Qaeda did to the nation paled in comparison to the damage that the Bush administration did in its ham handed, poorly thought out, knee jerk reaction to the events of 9/11 (I still do, actually). But the revelations of ubiquitous NSA backdoors into domestic commercial products and applications has the potential to devastate our economy in much more significant ways. Once the rest of the world loses trust in American technology, how on Earth do we recover? How do we restore that lost faith? The sheer arrogance and hubris is astonishing!
    • Well said but...

      Judging from the position Europe, Brazil, and other countries are taking now, it's not hard to predict the US IT economy would be devastated in the next 3 to 4 years... not 10 years.
  • 2007 !!!

    what year is it now?

    its really becoming a "THE SKY IS FALLING" with the NSA now days right!..
  • This is becoming rediculous

    I think someone is sitting somewhere with Paint and making new leaks.
    Dreyer Smit
  • Yeah, UEFI is way more secure...

    Because they would have to get one of those special techie nerdy gizmo thingies... whatsit called? Oh, yeah, a "key" from Microsoft. They're really hard to get too, you have to fill in 7 fields (two of them check boxes) on a whole front side of a one page form, enclose your check for fifty bucks and your golden baby! For even more laughs, read the TRUST-E (Microsoft is the Founder and "watchdog" for this pseudo-privacy group) requirements to display the TRUST-E logo on your site - awesome double speak that really says we collect everything, hand it out to all our partners in exchange for whatever they have, and are not responsible and are not required to even notify you if one of the partners happens to be a fraud.