Who could have predicted bootloader drm wouldn’t go well?
New UEFI vulnerabilities send firmware devs industry wide scrambling
Submitted 9 months ago by leo@lemmy.linuxuserspace.show to technology@lemmy.world
https://arstechnica.com/?p=1996543
Comments
AnarchoSnowPlow@midwest.social 9 months ago
A_A@lemmy.world 9 months ago
… UEFI (Unified Extensible Firmware Interface) replaces the BIOS which was present in the boot ROM of all personal computers …
BearOfaTime@lemm.ee 9 months ago
When does a machine ever need IP6?
Treczoks@lemmy.world 9 months ago
When it is running in a modern, I.e. IPV6 network?
ryannathans@aussie.zone 9 months ago
Ipv6 is the replacement for ipv4. There now exist networks without ipv4
Supermariofan67@programming.dev 9 months ago
A lot of the world, especially Africa and south America, was somewhat later in adopting the Internet and has a much smaller supply of IPv4 addresses. People with ISPs there need IPv6 to be directly connectable without CGNAT
thanevim@kbin.social 9 months ago
PXE, or network boot. It is basically never used (and rarely enabled, if ever, by default) by the individual, but can be helpful in, for example, a large scale OS deployment. Say IT has to get their corporate image version of Windows 10/11 installed on 30 new laptops. They could write a ton of flash drives, but it'd be easier to just host a PXE boot server and every laptop just listen to them.
V6 specifically in that instance would just be for the reason of "we need to move away from v4 anyways"
BKXcY86CHs2k8Coz@sh.itjust.works 9 months ago
Running matter/thread for safer IoT
autotldr@lemmings.world [bot] 9 months ago
This is the best summary I could come up with:
The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings.
People with even minimal access to such a network—say a paying customer, a low-level employee, or an attacker who has already gained limited entry—can exploit the vulnerabilities to infect connected devices with a malicious UEFI.
By installing malicious firmware that runs prior to the loading of a main OS, UEFI infections can’t be detected or removed using standard endpoint protections.
The malicious image in this scenario will establish a permanent beachhead on the device that’s installed prior to the loading of the OS and any security software that would normally flag infections.
This kind of access may be possible when someone has a legitimate account with a cloud service or after first exploiting a separate vulnerability that gives limited system rights.
When the client-{based server] boots, the attacker just needs to send the client a malicious packet in the [request] response that will trigger some of these vulns.
The original article contains 703 words, the summary contains 177 words. Saved 75%. I’m a bot and I’m open source!
Supermariofan67@programming.dev 9 months ago
Not at all surprised, motherboard firmware from most vendors has always been a steaming pile of shit code, often not even built to spec.
SnotFlickerman@lemmy.blahaj.zone 9 months ago
Not all hardware manufacturers are effected and it’s based on a specific open source implementation of UEFI.
xan1242@lemmy.ml 9 months ago
Aren’t AMI, Insyde and Phoenix providers for 98% of PC (be it board or OEM) vendors though?
And AFAIR, TianoCore is basically used everywhere by everyone as a base except maybe Apple.
corsicanguppy@lemmy.ca 9 months ago