- Joined
- Oct 9, 2007
- Messages
- 47,294 (7.52/day)
- Location
- Hyderabad, India
System Name | RBMK-1000 |
---|---|
Processor | AMD Ryzen 7 5700G |
Motherboard | ASUS ROG Strix B450-E Gaming |
Cooling | DeepCool Gammax L240 V2 |
Memory | 2x 8GB G.Skill Sniper X |
Video Card(s) | Palit GeForce RTX 2080 SUPER GameRock |
Storage | Western Digital Black NVMe 512GB |
Display(s) | BenQ 1440p 60 Hz 27-inch |
Case | Corsair Carbide 100R |
Audio Device(s) | ASUS SupremeFX S1220A |
Power Supply | Cooler Master MWE Gold 650W |
Mouse | ASUS ROG Strix Impact |
Keyboard | Gamdias Hermes E2 |
Software | Windows 11 Pro |
An FTP server in Taiwan that could be publicly accessed, leaked the source code of AMI Aptio UEFI BIOS, including AMI's unique UEFI signing test key. The utterly irresponsible act of holding such sensitive data on public FTPs is suspected to be committed by motherboard vendor Jetway. In doing so, the company may have compromised security of every motherboard (across vendors) running AMI Aptio UEFI BIOS. Most socket LGA1155 and FM2 motherboards, and some socket AM3+ motherboards run AMI Aptio.
Among the leaked bits of software include the source code of AMI BIOS, Aptio, and AMI's UEFI test signing key, which is used by all its clients to sign their BIOS updates. Signing ensures that BIOS updating software verifies the update is genuine, and coming from the motherboard manufacturer. With this key out, malware developers can develop malicious BIOS updates, hack motherboard vendors' customer support websites, and replace legitimate BIOS updates with their malicious ones. Control over the system BIOS could then give hackers access to most ring-0 OS functions.
"By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated & installed for the vendor's products that use this firmware. If the vendor used this same key for other products - the impact could be even worse," writes Adam Caudill, who along with Brandon Wilson, discovered the open FTP server. "This kind of leak is a dream come true for advanced corporate espionage or intelligence operations. The ability to create a nearly undetectable, permanent hole in a system's security is an ideal scenario for covert information collection," he added.
View at TechPowerUp Main Site
Among the leaked bits of software include the source code of AMI BIOS, Aptio, and AMI's UEFI test signing key, which is used by all its clients to sign their BIOS updates. Signing ensures that BIOS updating software verifies the update is genuine, and coming from the motherboard manufacturer. With this key out, malware developers can develop malicious BIOS updates, hack motherboard vendors' customer support websites, and replace legitimate BIOS updates with their malicious ones. Control over the system BIOS could then give hackers access to most ring-0 OS functions.
"By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated & installed for the vendor's products that use this firmware. If the vendor used this same key for other products - the impact could be even worse," writes Adam Caudill, who along with Brandon Wilson, discovered the open FTP server. "This kind of leak is a dream come true for advanced corporate espionage or intelligence operations. The ability to create a nearly undetectable, permanent hole in a system's security is an ideal scenario for covert information collection," he added.
View at TechPowerUp Main Site
Last edited: