Recent Forum Topics
- Weekly Tech Update #398 - A Disruption in the (Mot... [0 replies]
- Gionee's M6S Plus Phone Unveiled [0 replies]
- Verizon Fios is Quick (and Cheap) [0 replies]
- Amazon Turns to Subscriptions to Keep Dominating [0 replies]
- Samsung Galaxy TabPro S Review [0 replies]
- Bill Gates is a Solid Dad [0 replies]
- Hacking Browsing History from Your Light Sensor [0 replies]
- Low Cost Surface Cloud to Compete with Chromebooks [0 replies]
Gigabyte Firmware Flaw Allows UEFI Ransomware
At a security conference this week, a hacking team demonstrated that they could inject ransomware in the UEFI bios of certain Gigabyte motherboards. This is pretty hardcore at this level as software such as anti-virus, and even things like Acronis can't prevent and stop this kind of attack. With all the handy features UEFI brings, it also brings new threats. Hopefully these hackers stay working for the good guys and they Gigabyte patches things up real soon.
The second vulnerability is another lapse on Gigabyte's side, who forgot to implement a system that cryptographically signs UEFI firmware files. The second flaw also covers Gigabyte's insecure firmware update process, which doesn't check the validity of downloaded files using a checksum and uses HTTP instead of HTTPS. CERT/CC has issued an official Vulnerability Bote (VU#507496) for both flaws.