ZD Net reports the researchers demonstrated the code on three systems; one with Windows, another one with OpenBSD and also a PC running VMware Player.
“It was very easy. We can put the code wherever we want,” said Ortega. “We’re not using a vulnerability in any way. I’m not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots.”
Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope. But the methods are deadly effective and the pair are currently working on a BIOS rootkit to implement the attack.
“We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable anti-virus,” Ortega said.