1 |
On Sat, Mar 17, 2018 at 9:53 AM, Fast Turtle <fturtle@×××××.com> wrote: |
2 |
> |
3 |
> All this does is makes damn sure I will not buy any used hardware |
4 |
> since you can change embed into the UEFI firmware what ever you want - |
5 |
|
6 |
To be fair that is hardly anything new either. Sure, this particular |
7 |
attack is new, but the concept has been around for a while. The NSA |
8 |
was even dropping code into hard drive firmware. |
9 |
|
10 |
I suspect the reason firmware attacks aren't more common is that |
11 |
they're more useful for things like espionage (government or |
12 |
corporate) where actually profiting from the stolen data requires |
13 |
investments, and the fact that firmware programming is a fairly |
14 |
obscure discipline. |
15 |
|
16 |
That and they require getting to the firmware in the first place, |
17 |
which often requires physical access, or tampering with equipment |
18 |
before it is purchased. The NSA can give UPS a check for $10k to bump |
19 |
your 2-day delivery to "hand-carry on private jet with a brief stop at |
20 |
this nondescript building." The average hacker doesn't have that |
21 |
option. |
22 |
|
23 |
-- |
24 |
Rich |