Hacking BIOS chips isn't just the NSA's domain anymore

Automated discovery and exploitation of architectural flaws is merely the next step in the evolution of software. For the past few years we have been witness to a &#x27;whack-a-mole&#x27; type of dynamic in the field of computational security. Exploits are published, a day later they become a Metasploit module, and a day after that anybody in the world can use it on everyone else in the world at the click of a mouse. If you are a full time sys-admin plugged into all the advisory mechanisms you may, for a time, be able to keep your systems patched, but the machines never sleep, they never blink, they never forget, and apparently, they never die.<p>In the race against time, it is fair to say at this point that the machines have won. It may not be completely obvious yet, in the way that a tidal wave out at sea is only a small hump under your individual ship, but when it comes ashore, when the confluence of terrain and massive liquid power becomes manifest, then, of course, it is obvious.<p>What appears to be happening is a kind of terra-forming activity, a new software layer is spreading, one that has the keys to everything - our social lives, our morning cup of coffee, our cars.. our nukes.<p>This has an end condition, of course - and that is the total loss of control over our technological infrastructure.

In my view this is a result of hardware not actually being &quot;hard&quot;.<p>It would be far better to have a bug that comes back after a cold boot, as part of a known starting state, than to have a mechanism for &quot;updates&quot; (running software) that is inaccessible to the user&#x2F;programmer. A static bug can be worked around, but a moving target is harder to compensate for, particularly if it is not viewed as user-programmable (for lack of documentation, or license, etc).<p>To me, this demonstrates that the proper place for security is in software, at as high a level as possible for the purpose. Even secure boot is too low. Boots should be insecure, but repeatable. Turning a computer on should give full control - only then can you lock it down (whatever that means to the user...). Secure boot, if you want it, should just be a bootloader that verifies a payload, thereby protecting itself - not a BIOS-integrated feature, where the BIOS is opaque.<p>A feature-full BIOS would only makes sense if it were immutable (and even then, there would be disadvantages), or (at the other end of the spectrum) if it were as programmable as the rest of the system - but until then, any unnecessary complexity or &quot;features&quot; are downright harmful.

In my opinion it isn&#x27;t a bad thing because in the future, when Microsoft disallows disabling secure boot, using BIOS vulnerabilities will be the only way to install an unsigned operating system.

I&#x27;m reasonably technical but had no idea I was supposed to be security-patching my BIOS. I googled and found that (1) most of the articles about updating BIOS don&#x27;t mention security, (2) finding BIOS updates for your hardware isn&#x27;t necessarily trivial, and (3) applying the update is a fairly involved process with some risk of bricking your computer.<p>Is there any way hardware manufacturers could make it as easy as OS updates?

A lot of these reflashable ROM exploits can be prevented with the simple addition of a physical switch or jumper that controls the write signal. With the writes physically disabled, no exploit would survive rebooting the system.<p>Device makers can add such switches as a simple way to advertise being secure. I&#x27;d pay a few dollars extra for such, for example, hard disk drives that cannot have their firmware altered, and car computers that cannot be altered, etc.

Naive question: Is Core Boot in any way a potential remedy for the sad, sorry situation we&#x27;re in here?<p>I wonder when there will become a market for manufacturers to start releasing devices with hardware DIP switches or jumpers that need to be bridged for flashing purposes.

so...I see a nice thread here without a link to the researcher&#x27;s actual work... speculate and bloviate much? <a href="http://legbacore.com/Research.html" rel="nofollow">http:&#x2F;&#x2F;legbacore.com&#x2F;Research.html</a>

Are these vulnerabilities exclusive to UEFI BIOS? The more I learn about UEFI, I am left with the feeling it is nothing but a wide open back-door and a method to &quot;brick&quot; pc&#x27;s.

These are really stupid people who want to fight God, LOL.<p>Guess who wins when you fight God?