Phoenix BIOS Phones Home?

Myrv writes: "There is an interesting thread over at DSL Reports discussing Phoenix Technologies new BIOS. This BIOS contains the PhoenixNet Internet Launch System . ILS resides safely within ROM and is activated the first time a user launches a PhoenixNet-enabled PC with a Windows 98 Operating System. When the PhoenixNet ILS detects an Internet connection, it makes contact with the PhoenixNet server and delivers user-selectable services. These services are delivered to the user as hotlinks on the desktop and in the web browser or, as applications that PhoenixNet automatically packages, downloads and installs. It's 3 a.m., do you know who your motherboard's talking to????" We've gotten a couple of submissions about this - another submitter pointed out this thread and this description by Phoenix. Phoenix has apparently been kicking this idea around for a while - see this old Slashdot story. Does anyone have any more information?

The only safe computer is an unplugged computer.

According to the thread linked to in the story, if the computer boots up with a cool new screen, it's probobly this new BIOS.

The following venders have signed up: AOpen, Chaintech, ECS, EpoX, Giga-Byte, Jetway, Legend-QDI, MSI, Soltek and Zida. Notice no ABit :)

<possible troll> (but I don't think so...)
It was interesting to read in that thread also, that this could bypass the OS level networking code, and use it's own stuff. I don't think I could imagine the destruction that would be cause by millions of PCs with a backdoor/hole/bug in their firmware, that could easily be remotely exploited. If you thought DDOS attacks were bad now, you ain't seen nothing yet.
</possible troll>

I didn't notice anything about being able to actually turn this off in the BIOS. There is allready talk of using a hex editor to disable it... Just what we need, buggy roms because the vendor does what people don't want.

OpenBIOS / LinuxBIOS

Unfortunately it looks like OpenBIOS [linux.de] hasn't updated in 14 months, and it's hard to tell if they ever actually achieved anything ...

The LinuxBIOS project [lanl.gov] (http://www.acl.lanl.gov/linuxbios/) looks more promising (originally covered in this slashdot article [slashdot.org] ...

Inevitable progression

With tux running in the kernel, it was only a matter of time before we had the next step: web server in the BIOS.

I smell innovation. Thanks Phoenix!

< tofuhead >
--

It is not automatic

This "feature" is built into the bios of my new AMD Thunderbird motherboard, the Iwill KK-266 (nice MB by the way). Its not quite as evil as this article suggests. It is an attempt to get you to sign up with their ISP.

Unless you activate it within the bios "phoenixNet-enabled PC" and agree to their ISP partnery, you never hear a word from the program. It sits quitely on your bios and never contacts the mothership ;-)

Also from my mother board manual:

1. User reads system information from graphic launch screen

2. User registers MS Windows and completes MS OOBE.

3. User accepts/Rejects PhoenixNet service

4. User accepts/Rejects PhoenixNet ISP Partnery

5. PhoenixNet and ISP icon appear on desktop.

IBM's been doing this for years

IBM's low-end hardware doesn't do this, but very nearly all the big iron does. Starting with the RS/6000 (Which isn't a whole lot more than a Power Macintosh) and going all the way up the product line, the systems are designed to call home on a regular basis and report what hardware is installed on their system.

Some machines require this data to be in the database so that hardware engineers can enable upgrades on your system. For example, you can get an S/390 with some of the processors turned off and it'll cost you less. Then, if you expect processing to hit a peak (Like, around Christmas maybe, if you're a retail outlet) you can pay IBM some money and they'll enable the other processors for a limited period of time. Several of the disk array products work the same way. You can buy an 11 terabyte array and only want to use 1 terabyte of it. You can turn on more disk storage as you need it and you get billed for the extra storage as you turn it on. If the machine doesn't report back when it's supposed to, a friendly IBM CE will visit to repair your defective device. I don't know what those guys bill out at. Used to be $120 an hour.

Unlike the desktop segment of the population, IBM and its customers view this as business as usual, allowing IBM to deliver faster and better service to the customer. Sure it means IBM has more control over the system than it otherwise would have, but the customers often don't want to be bothered with the thing anyway. They just want it to work. They're paying a premium for just this feature as well as the IBM brand name.

Really very dangerous!

Hmm, it seems no-one at Phoenix is aware of those viruses that can flash a user's BIOS. Sure, mostly they just wipe it, but what if a virus is written to get the BIOS to do something more useful. Like, ooooh, say, connect to a cracker's server and download/install some sort of crack or backdoor (Back Orifice or similar).

I doubt this is beyond the realms of possibility, and once some clever hack has figured out how to do it the skript kiddeez will soon get hold of it. Hell, maybe it could even be tagged onto a VB app and turned into an Outlook worm - cue millions of cracked boxen that can only be made safe by flashing the BIOS, and how many regular (i.e. non /. visiting) users have the first idea how to do that?

Please someone tell me if I'm just scaremongering here (and give details), but I do genuinely believe this is a problem waiting to happen.

Here's How To Disable It.

Easiest way is to not run windows.

But if you must, here's how to remove it. Uninstall Phoenix net in the windows, and in the bios change Phoenix net from installed = yes to No.

Phoenix net is installed when you install the drivers from the motherboard and you go with the defaults rather then choosing your own options.

From the manual

4.1 PhoenixNet Introduction

PhoenixNet is a service that provides PC users with best-of-breed, free, software services to support their PC hardware and software and to turn their computer into a powerful tool for communication,entertainment, education and business.

4.1.1 Internet Launch System The PhoenixNet Internet Launch System (ILS) is a patent-pending technology built into the firmware to enable online PC users worldwide to communicate with PhoenixNet and to receive the free PhoenixNet services. ILS resides safely within ROM and is activated the first time a user launches a PhoenixNet-enabled PC with a Windows 98 Operating System.

4.1.2 PhoenixNet Online Services When the PhoenixNet ILS detects an Internet connection, it makes contact with the PhoenixNet server and delivers user-selectable services from PhoenixNet's Internet Partners. These services are delivered to the user as hotlinks on the desktop and in the web browser or, as applications that PhoenixNet automatically packages, downloads and installs.

Why They Do It

I'm surprised that no one has already posted this.

Microsoft has placed very strict limits on what customizations vendors can do on systems before they ship. Microsoft wants Windows to control the horizontal and the vertical. Well, there's another player in town with a pretty large market share, and the tactical high-ground: Phoenix. The BIOS rules the machine, not Windows. I'm positive that this feature was requested by the systems vendors, and it's just a case of them fighting back against one of their suppliers who has gotten a bit too pushy.

"Theft of services"

Using your processing cycles, bandwidth, and connection time for their own purposes? Sounds like "Theft of computers services" to me. It would be interesting to see that used *against* corporate computer stupidity.

steve

Funny story about this...

I wasn't sure I wanted to post this, because it could possibly give away my "secret identity", but...

A friend of mine is reasonably high up at Phoenix. He had been working on a "secret project" that he wouldn't tell me anything about, but he told me that it was going to be big. Of course, I badgered him for information, but he wouldn't tell.

Well, I had lunch with him one day not long after PhoenixNet was announced. I asked him, "so what's up with this PhoenixNet thing?" He replied, "what do you think of it?"

I then went on to totally trash the idea, saying why it wouldn't work, that people wouldn't stand for their BIOS downloading advertising, on and on. I railed on for quite a while. I might've even called it a "stupid idea".

Then I said, "hey wait a minute... is this the secret project you've been working on??"

He said, "Yes. It was my idea."

Oops. I kind of grinned sheepishly. Huge case of "open mouth, insert foot."

--

BIOS spying on you

http://home.phoenixnet.com/privacy/pcusers.html [phoenixnet.com]
This is bios level spying and advertising, even from Phoenix's partners. I think most users will not even know it is installed (by default). The only way to get rid of it is flashing your bios, which is quite a dangerous operation for the common user

BOFHism....

Hmmmm, what did you say your Phoenix Technologies BIOS serial # was?

clickity-click

Oh dear, looks like your hard drive has been disabled. No, I can't fix it from here, but I have a friend who lives by you and could fix it in his spare time, he charges about $200/hr. Uh-oh, looks like one of your RAM chips just went!

This is due to Microsoft monopoly

I must admit I'm having trouble fathoming just how this works. But I know why Phoenix has done this.

Remember the Microsoft anti-trust trial? One detail that emerged was that Microsoft does not permit OEMs to perform modifications to the desktop, startup sequence, etc. This means that the OEMs can't give the user a "custom experience" or differentiate their machine from others using Microsoft's software.

This Phoenix BIOS trick lets OEMs skirt the Microsoft OEM license by performing the customization after the user has the machine.

So, in one way, I say "kudos" to Phoenix for figuring out how to subvert Microsoft's restrictive OEM licensing agreements in this way.

On the other hand, I'd like to understand more technical details of the feature, whether it could bite me while I'm trying to use Linux, etc. Has anybody turned up relevant patents?

Another good (safe) summary of PhoenixNet

CounterExploitation's summary of PhoenixNet [cexx.org]

It sums up everything, and also contains key (annotated) paragraphs from the PhoenixNet site (so if you're too afraid of evil scripts to visit the PhoenixNet site, you can see it safely from this site). The main page of cexx.org [cexx.org] (no relation to anything disgusting; it stands for Counterexploitation) has other helpful and interesting pages about spyware, foistware, backdoors, scams, and such. Most of it pertains to Windows, but there's some other cross-platform/no-platform topics there (including a way to make the CueCat output raw barcodes without requiring any software intervention [cexx.org].)

Yet another reason...

Yet another reason to switch to OpenBIOS [linux.de].