Reply to post: Re: Can someone clarify something?

UEFI malware rears ugly head again: Kaspersky uncovers campaign with whiff of China

eldakka Silver badge

Re: Can someone clarify something?

In adddition to @diodesign's comments, when they say "SPI flash storage soldered onto the MB", they mean the flashable UEFI firmware that can be updated via a user-initiated flashing process, but it happens to be in embedded NVRAM on the motherboard rather than addon components such as HDD, SSD, etc. Therefore injecting this hacked firmware can be done same as updating vendor downloaded firmware from the vendors' website. That is, a bootable USB thumbdrive with the firmware, minimal O/S and the flashing software, or even with something like ASUS's 'flashback' functionality that can flash from a powered off (but plugged into power) PC with just the firmware on the USB stick, no booting to even a minimal O/S required.

So it could have been done in the factory, in transit, someone with a couple minutes physical access and a USB stick after delivery, or even remotely since these days firmware can be updated from a live, running computers multi-user O/S such as windows or Linux etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022