Vol. 1 · Ed. 2026
CyberGlossary
Entry № 115

BIOS Rootkit

Reviewed by Cybersecurity entrepreneur & security researcher

What is a BIOS Rootkit?

BIOS Rootkit: A rootkit that infects legacy BIOS firmware so it executes before the operating system, achieving deep persistence below the OS.


A BIOS rootkit modifies the legacy Basic Input/Output System (BIOS) — the firmware that ran on x86 systems before UEFI became standard — to gain control during early boot. Because the BIOS executes before any operating-system protections are active, the rootkit can disable security tooling, hide other malware, and re-infect a freshly installed OS. Successful infection typically requires kernel-level privileges to flash the chip, misconfigured flash protection, or supply-chain access. Defences include moving to UEFI with Secure Boot, vendor flash-protection mechanisms, signed firmware updates, BIOS write-protect features, integrity attestation, and physical and supply-chain controls for hardware. On modern systems, UEFI implants have largely replaced BIOS rootkits.
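
The flash-protection defence named above can be audited from raw register values; the following is an added example, not part of the original entry. It assumes an Intel chipset, where the BIOS_CNTL bits BIOSWE, BLE and SMM_BWP and the SPI Protected Range registers govern flash writes; the function names, the register snapshots and the 8 MiB BIOS region are constructed for illustration.

```python
"""Added example: audit flash write protection from raw register values."""

# Intel BIOS_CNTL bit positions (per Intel chipset datasheets).
BIOSWE = 1 << 0    # BIOS Write Enable: flash writes are currently allowed
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE triggers an SMI
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: only SMM code may write flash


def decode_pr(value):
    """Decode an SPI Protected Range register into (base, limit, write_protected)."""
    base = (value & 0x7FFF) << 12
    limit = (((value >> 16) & 0x7FFF) << 12) | 0xFFF
    return base, limit, bool(value & (1 << 31))


def region_covered(pr_values, bios_base, bios_limit):
    """True if write-protected ranges cover every byte of [bios_base, bios_limit]."""
    ranges = sorted((b, lim) for b, lim, wp in map(decode_pr, pr_values) if wp and lim >= b)
    cursor = bios_base
    for base, limit in ranges:
        if base > cursor:
            break              # gap: bytes from cursor to base-1 stay writable
        cursor = max(cursor, limit + 1)
    return cursor > bios_limit


def audit(bios_cntl, pr_values, bios_base, bios_limit):
    """Return (protected, findings); either mechanism alone counts as sufficient here."""
    findings = []
    if bios_cntl & BIOSWE:
        findings.append("BIOSWE=1: flash writes are enabled right now")
    if not bios_cntl & BLE:
        findings.append("BLE=0: kernel code can set BIOSWE without an SMI")
    if not bios_cntl & SMM_BWP:
        findings.append("SMM_BWP=0: flash writes are not restricted to SMM")
    cntl_ok = not findings
    pr_ok = region_covered(pr_values, bios_base, bios_limit)
    if not pr_ok:
        findings.append("Protected ranges do not cover the whole BIOS region")
    return cntl_ok or pr_ok, findings


# Constructed snapshots: 8 MiB BIOS region at 0x800000-0xFFFFFF.
LOCKED = audit(0x2A, [0], 0x800000, 0xFFFFFF)             # BLE + SMM_BWP set
OPEN = audit(0x09, [0x8BFF0800, 0], 0x800000, 0xFFFFFF)   # partial range only
```

On real hardware the register values would come from a firmware-assessment tool or a vendor utility rather than from constants.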

Examples

  1. Mebromi, an early BIOS rootkit that infected the system firmware to reinstall malware.

  2. Computrace-style anti-theft modules abused as a persistence mechanism.

Frequently asked questions

What is a BIOS Rootkit?

A rootkit that infects legacy BIOS firmware so it executes before the operating system, achieving deep persistence below the OS. It belongs to the Malware category of cybersecurity.

What does BIOS Rootkit mean?

A rootkit that infects legacy BIOS firmware so it executes before the operating system, achieving deep persistence below the OS.

How do you defend against a BIOS Rootkit?

Defences against a BIOS rootkit typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for BIOS Rootkit?

Common alternative names include: Legacy firmware rootkit.
