UEFI is a rich crapware repository.

I posted about a system API inside of Microsoft Windows that allows OEM to put in unremovable software that resides in the UEFI of motherboards.  UEFI is the new “BIOS”.  The possibilities for UEFI problems have been known since at least 2012 as this google search shows.

I have a client who uses laptops to run their audiology hearing testing equipment.  We recently had to replace one of the laptops with a newer one manufactured by HP because the system requirements outgrew what the old laptop could handle.  A month in the equipment began giving audio synch errors complaining about an Intel driver and saying the MIcrosoft usb 3 driver should be installed.  i removed the Intel driver and let the Microsoft one come back into place.  About a week later not only is the error back but so is the Intel driver.  No drivers were installed by the client and Windows 7 does not install drivers by default.  I went back and removed the Intel driver and let the MIcrosoft driver come back and this time I told the client the instant it comes back let me know as I am was running monitoring software that should tell me where this mystery Intel driver was coming from.  Sure enough about a week later the error and driver are back.  I got nothing from the software..it didn’t see the driver until after it installed itself and the system restarted.  No trace logs…nothing.  I called HP(waste of time) and then I called MIcrosoft(I was hoping my partner status would get me SOMETHING useful in terms of support.)  This first tech had no idea how that could be happening and to his credit said he had never heard of this before outside of malware….then I discovered something else very interesting.

Look at this post I made back in 2015.  I went back to my blog here and searched for uefi wondering if I had posted something about this odd behavior and I ran across this post.  That’s when the light bulb went off.  I restarted the laptop and looked inside the firmware….and there it was.  A setting that forces the install of the Intel usb3 driver from the UEFI firmware area.  I could have reformatted the laptop and this driver would have been forced in there…via the same Microsoft’s Windows Platform Binary Table that Lenovo used to install what I would consider crapware onto their systems.  Once I disabled this there was no more forced installs of the Intel USB3 driver and the audiologist was able to conduct business without further incident.  Considering it took me three visits this cost the practitioner a substantial chunk of change for my time as well as loss of revenue because of the problems this caused.

If your computer or mobile device is acting up it may not have a real virus it could be manufacturer forced software.  You can bet malware is going to be using this as security researchers have shown a different vulnerability for this sort of thing.  Gigabyte is releasing fixed UEFI updates for the two products known to be vulnerable.  Of course Microsoft has given them a much easier way to do this kind of nefarious business.