Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Serious Intel Boot Guard Exploit Leaves Unpatched PCs Vulnerable To Fi


  • Please log in to reply

#1
SpywareDr

SpywareDr

    Member 3k

  • Member
  • PipPipPipPipPipPip
  • 3,817 posts

HotHardware.com > Serious Intel Boot Guard Exploit Leaves Unpatched PCs Vulnerable To Firmware Attacks

... CVE-2020-8705 ... An attacker with physical access can gain control of the system firmware while the device resumes from a sleep state ("S3"). This means there could be privilege escalations, data loss, and more depending on what the primary motives of the attacker. Therefore, Intel users need to patch their systems and prevent unwanted physical access. ...

One example is when clearing customs at an airport. Most travelers close their laptop during descent and allow it to enter S3 sleep. If the device is taken by the adversarial agency upon landing, the disk encryption keys are still in memory. The adversary can remove the bottom cover and attach an in-system flash emulator like the spispy to the flash chip. They can wake the machine and provide it with their firmware via the spispy. This firmware can scan memory to locate the OS lock screen process and disable it, and then allow the system to resume normally. Now they have access to the unlocked device and its secrets, with no need to compel the owner to provide a password.

...[...continues...]

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP