Channel: BOT24

Playing Hide-and-Seek with BIOS Implants

In July 2013, MITRE released Copernicus, a tool that lets users check whether their BIOS is writable and, if so, export a copy for inspection. This was the first tool that made it easy to check the BIOS on Windows machines throughout an enterprise. We even deployed it to over 8,000 internal systems (and we encourage interested organizations to work with us to pilot it in their own enterprises).

However, as with many security tools, we were aware that Copernicus had limitations and that a motivated attacker could get around its detection mechanism. Beyond any tool-specific limitations, we eventually also realized that it's possible to defeat all software-based BIOS capture systems. This applies not only to Copernicus but to any similar tool: an attacker can exploit the way that software reads the BIOS flash chip off the SPI bus. To see this more clearly, read the deep dive that follows. http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/playing-hide-and-seek-with-bios-implants
