03 Jan 2014

NSA Hacks Dell PowerEdge Server BIOS

The latest Edward Snowden NSA leak revealed a malicious BIOS flashing tool for Dell servers called DEITYBOUNCE, according to ZDNet.

As reported, the attack is designed to be carried out manually with a USB key, via Autorun bugs. Once implanted in the BIOS, the tool drops a payload on the host operating system during boot.

The software "provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads," according to the description of DEITYBOUNCE.

The targeted operating systems are "Microsoft Windows 2000, 2003, and XP. It currently targets Dell PowerEdge 1850/2850/1950/2950 RAID servers, using BIOS versions A02, A05, A06, 1.1.0, 1.2.0, or 1.3.7."

This document was leaked at the same time as the iPhone hack document, code-named DROPOUTJEEP.