| 1 |
On Sat, Mar 17, 2018 at 9:53 AM, Fast Turtle <fturtle@×××××.com> wrote: |
| 2 |
> |
| 3 |
> All this does is makes damn sure I will not buy any used hardware |
| 4 |
> since you can change embed into the UEFI firmware what ever you want - |
| 5 |
|
| 6 |
To be fair that is hardly anything new either. Sure, this particular |
| 7 |
attack is new, but the concept has been around for a while. The NSA |
| 8 |
was even dropping code into hard drive firmware. |
| 9 |
|
| 10 |
I suspect the reason firmware attacks aren't more common is that |
| 11 |
they're more useful for things like espionage (government or |
| 12 |
corporate) where actually profiting from the stolen data requires |
| 13 |
investments, and the fact that firmware programming is a fairly |
| 14 |
obscure discipline. |
| 15 |
|
| 16 |
That and they require getting to the firmware in the first place, |
| 17 |
which often requires physical access, or tampering with equipment |
| 18 |
before it is purchased. The NSA can give UPS a check for $10k to bump |
| 19 |
your 2-day delivery to "hand-carry on private jet with a brief stop at |
| 20 |
this nondescript building." The average hacker doesn't have that |
| 21 |
option. |
| 22 |
|
| 23 |
-- |
| 24 |
Rich |
Archives