A Potential Back Door Into Many PCs Has Vendors Scrambling

Many PC vendors have a serious problem on their hands. A security researcher has found a UEFI BIOS bug that can be exploited to disable firmware write-protection. Meaning that anyone who is smart enough to exploit what Dmytro Oleksiuk posted on Github can do this:

disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.

Meaning, they can put their own code into the BIOS firmware before the Windows 10 OS boots and pwn the computer completely. That’s just delightful.

Lenovo is at the top of this list and they have an advisory out that the vulnerable came from an upstream BIOS vendor. That means that it is  likely that other vendors getting BIOS software from the same company will also be vulnerable. Not only that, there’s this little tidbit:

The package of code with the SMM vulnerability was developed on top of a common code base provided to the IBV by Intel. Importantly, because Lenovo did not develop the vulnerable SMM codeand is still in the process of determining the identity of the original author, it does not know its originally intended purpose. But, as part of the ongoing investigation, Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability’s presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code.

That paragraph gives one the impression that this was an intentional back door that was created for who knows what purpose. That’s not good and you can be sure that people at PC manufacturers world wide are scrambling to make sure that computers that they have sold and are currently selling do not get pwned.

Oh, in case you were wondering. There currently is no fix for this. Lovely.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: