[SpywareDr]

HotHardware.com > Serious Intel Boot Guard Exploit Leaves Unpatched PCs Vulnerable To Firmware Attacks

... CVE-2020-8705 ... An attacker with physical access can gain control of the system firmware while the device resumes from a sleep state ("S3"). This means there could be privilege escalations, data loss, and more depending on what the primary motives of the attacker. Therefore, Intel users need to patch their systems and prevent unwanted physical access. ...

One example is when clearing customs at an airport. Most travelers close their laptop during descent and allow it to enter S3 sleep. If the device is taken by the adversarial agency upon landing, the disk encryption keys are still in memory. The adversary can remove the bottom cover and attach an in-system flash emulator like the spispy to the flash chip. They can wake the machine and provide it with their firmware via the spispy. This firmware can scan memory to locate the OS lock screen process and disable it, and then allow the system to resume normally. Now they have access to the unlocked device and its secrets, with no need to compel the owner to provide a password.

...[...continues...]