base20's comments

base20 | 4 years ago | on: Twitter Client for UEFI

How about this heap overflow bug in the UEFI bitmap (BMP) library: https://nvd.nist.gov/vuln/detail/CVE-2021-38577

Exploitable via network, no user interaction and no special privileges required. Scores 9.8 on a scale of 10 for severity from NIST. That's what happens when this stuff is done in such a highly privileged environment - simple bugs become security nightmares.

For comparison, Heartbleed scored a 7.5: https://nvd.nist.gov/vuln/detail/CVE-2014-0160

Secure boot and signed firmware won't save you, and in fact it could make things worse since it means even well-informed and capable users won't be able to fix it on their own. They're utterly helpless until their vendor fixes it and publishes an update.
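Added example, not code from this thread, from EDK II, or from the CVE's actual fix: the size arithmetic that sits at the heart of this bug class, where image header dimensions are multiplied into a heap allocation size on a 32-bit UINTN. The unchecked form wraps silently; the checked form rejects bad dimensions and overflow before anything is allocated. The header struct, limits and function names are constructed for illustration.

```c
#include <stdint.h>

/* Constructed, minimal BMP info header fields (assumption: only what the
 * size computation needs; a real BITMAPINFOHEADER carries more). */
typedef struct {
    int32_t  width;          /* pixels per row; real BMPs may encode negatives */
    int32_t  height;         /* rows; negative means top-down in real BMPs */
    uint16_t bits_per_pixel; /* 1, 4, 8, 24 or 32 */
} bmp_info_t;

#define BLT_PIXEL_BYTES 4u   /* one 32-bit output pixel per source pixel */

/* Unchecked version: header fields become an allocation size with no
 * validation. The uint32_t casts model a 32-bit UINTN, so width*height*4
 * wraps: a crafted header yields a tiny buffer that the row-copy loop then
 * writes far past. Everything after this line is a heap overflow waiting
 * to happen. */
uint32_t blt_size_unchecked(int32_t width, int32_t height)
{
    return (uint32_t)width * (uint32_t)height * BLT_PIXEL_BYTES;
}

/* Checked version: reject non-positive dimensions and unsupported depths,
 * then prove each multiplication fits a 32-bit size before performing it.
 * Returns the byte count, or 0 (never a valid size here) on rejection. */
uint64_t blt_size_checked(int32_t width, int32_t height, uint16_t bpp)
{
    if (width <= 0 || height <= 0)
        return 0;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32)
        return 0;

    uint64_t w = (uint64_t)width;
    uint64_t h = (uint64_t)height;

    /* Row size first: w * 4 must fit the 32-bit allocator argument. */
    if (w > UINT32_MAX / BLT_PIXEL_BYTES)
        return 0;
    uint64_t row_bytes = w * BLT_PIXEL_BYTES;

    /* Then total: row_bytes * h must also fit. Division avoids the wrap
     * that the unchecked version relies on never being noticed. */
    if (h > UINT32_MAX / row_bytes)
        return 0;

    return row_bytes * h;
}
```

The pair is deliberately side by side: the defensive version differs by a few comparisons, which is exactly why this class of bug is easy to ship and, in firmware, expensive to fix.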

base20 | 4 years ago | on: Twitter Client for UEFI

Y'all ain't seen nothing yet. For a time the leading UEFI vendor, Phoenix Technologies, had a web browser in their UEFI BIOS. Some photos from WinHEC 2005 can be seen here: https://www.anandtech.com/show/1670/8

This was part of their "eBetween" UEFI BIOS that enabled them to show ads during boot-up (seriously) and also install software to Windows with what they called "Virtual Bundling Technology": https://indexarticles.com/business/business-wire/phoenix-tec... and https://www.cnet.com/tech/tech-industry/phoenix-jumps-on-web...

tl;dr version: UEFI can download software from the internet, copy it to the Windows partition, edit the registry, and even add desktop icons and IE bookmarks. Phoenix sought to productize this.

If you've ever seen a Windows PC where you just couldn't get rid of certain pieces of software or icons, it may have been eBetween at work. This is effectively the same thing as the persistent malware attacks described in numerous security blogs. Phoenix has since rebranded their UEFI codebase to (irony alert!) SecureCore.