07.14.15
Governments-Connected ‘Hacking Team’ Targets UEFI, Reveal Leaks
Summary: The insecurity and abundant complexity/extensibility of UEFI are already exploited by crackers who are serving corrupt regimes and international empires
TECHRIGHTS has spent many years writing about the dangers of Microsoft back doors and about 3 years writing about UEFI, which, according to various citations we gathered, enables governments to remotely brick computers (at hardware level) in any foreign country, in bulk! This is a massive national security threat, and Germany was notable in reacting to it (forbidding the practice). Among our posts which cover this:
- NSA Confirms Remote Computer Bricking by BIOS (or UEFI) as a Real Strategy
- UEFI is Bricking Computers When One Removes Spyware With Back Doors (Microsoft Windows)
- If You Use Microsoft Windows, the NSA Can Brick Your Computer Hardware Remotely
- Windows Vista 8.1, or Windows ‘Brick Edition’, Shows That UEFI is Malicious, Opposite of ‘Secure’
- Ignore the Spin: Microsoft’s UEFI Programme Still Bricking Laptops
- Why Samsung Hardware With UEFI Boot Gets Bricked by Linux
- UEFI ‘Secure’ Boot is Not About Security, Insyde Software’s Business Model is Misguided and Dangerous
- Microsoft’s Anticompetitive Attack on GNU/Linux Booting is Bricking Laptops
- UEFI Restricted Boot No Longer Valid for Security, Keys Leaked
- UEFI Restricted Boot Good for Microsoft Agenda, Not for Security
- Microsoft Can’t Understand Security (Lesson for UEFI Apologists)
- UEFI Apologists Versus Germany’s Government Judgment on UEFI Insecurity
- Red Hat Fails to Convince That UEFI is Tolerable, Uses ‘Security’ as Talking Point
Today we learn that UEFI firmware updates have spread to the most widely used GNU/Linux desktop distribution, and yesterday we learned that “HackingTeam has code for UEFI module for BIOS persistency of RCS 9 agent (i.e. survives even HD replace)…”
Rik Ferguson wrote this with a link to the PowerPoint presentation, pointing to leaked e-mails via Wikileaks. The pushback against UEFI ought to be empowered by such revelations, perhaps in the same way that these leaks now threaten to kill Adobe Flash for good. █