Noobs can pwn world’s most popular BIOSes in two minutesMarch 20, 2015 – 7:16 PM
Millions of flawed BIOSes can be infected using simple two-minute attacks that don’t require technical skills and require only access to a PC to execute.
Basic Input/Output Systems (BIOS) have been the target of much hacking research in recent years since low-level p0wnage can grant attackers the highest privileges, persistence and stealth.
“Because almost no one patches their BIOSes, almost every BIOS in the wild is affected by at least one vulnerability, and can be infected,” Kopvah says.
“The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable.
“The point is less about how vendors don’t fix the problems, and more how the vendors’ fixes are going un-applied by users, corporations, and governments.”
Kopvah and Kallenberg’s talk aims to both highlight the dangers and capabilities of BIOS attacks and the need for system administrators to apply vendor patches, something which they say is not being done.