[AccessD] Custom-made UEFI bootkit found lurking in the wild - Ars Technica

James Button jamesbutton at blueyonder.co.uk
Tue Oct 6 17:04:38 CDT 2020


Thanks for that.
But you're 25 days early for Halloween.

And does that actually cap the older kids wearing a dark but cheap suit, and
carrying a case with the logo "IRS" printed on it?

With the really frightening IT thing being the sheer number of systems sold
ready set up.
As in, even in corporate environments, an OS installed, and even with the box
opened and resealed pre-delivery.
Also, who nowadays even looks to see what is in the system startup,
let alone would notice unexpected code, as in something they know should not be
there as part of the OS?

OK - hard drives could have 'stuff' on the surface outside the LBAs
assignable as partitions.
Time machines included drivers that way - the restore doing direct reads of the
drive for drivers as indicated in the .txt system description file.
Also there is the unused space in the boot block, and the system partition.

Are similar exploits possible on SSD devices?

And - as I recently found - an OS update from Microsoft had reset my system's
action-on-detection of a plugged-in device from "ask and Explorer" to autoplay
(run the preset program).


-----Original Message-----
From: AccessD <accessd-bounces at databaseadvisors.com> On Behalf Of John Colby
Sent: Tuesday, October 6, 2020 8:43 PM
To: Access Developers discussion and problem solving
<accessd at databaseadvisors.com>
Subject: [AccessD] Custom-made UEFI bootkit found lurking in the wild - Ars

AccessD mailing list
AccessD at databaseadvisors.com
Website: http://www.databaseadvisors.com

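Two of the points raised in the message above (nobody looks at what runs at startup, and an update silently turning AutoPlay back on) are cheap to check. The script below is an added example, not code from the original post or from the mailing list; it lists the startup commands Windows knows about, reads the Secure Boot state the UEFI firmware reports, and reports the AutoPlay/AutoRun policy values. The registry value names (NoDriveTypeAutoRun, DisableAutoplay) and the Confirm-SecureBootUEFI cmdlet are real Windows interfaces; the Secure Boot and policy cmdlets need an elevated prompt, and the "expected" values in the script are the poster's stated preference (ask, don't run), which is an assumption on my part.

```powershell
# Added example: quick audit of startup entries, Secure Boot state and AutoPlay
# policy on a Windows host. Run from an elevated PowerShell prompt.

function Get-StartupEntries {
    # Win32_StartupCommand covers Run/RunOnce keys and Startup folders for the
    # current user and the machine. Anything here that you did not put there
    # deserves a second look (hash the Command target, check its signature).
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on legacy-BIOS machines and when not elevated;
    # report that explicitly instead of silently returning nothing.
    try {
        if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
    } catch {
        "Unavailable: $($_.Exception.Message)"
    }
}

function Get-AutoPlayPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is
    # disabled; 0xFF (255) disables it for every drive type.
    # DisableAutoplay = 1 turns AutoPlay off for the current user.
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

    $noAutoRun = (Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $disableAP = (Get-ItemProperty -Path $userKey   -Name DisableAutoplay    -ErrorAction SilentlyContinue).DisableAutoplay

    [pscustomobject]@{
        NoDriveTypeAutoRun   = $noAutoRun
        AutoRunFullyDisabled = ($noAutoRun -eq 255)
        DisableAutoplay      = $disableAP
        AutoPlayOff          = ($disableAP -eq 1)
    }
}

Write-Host '== Startup entries =='
Get-StartupEntries | Format-Table -AutoSize

Write-Host "== Secure Boot: $(Get-SecureBootState) =="

Write-Host '== AutoPlay / AutoRun policy =='
$ap = Get-AutoPlayPolicy
$ap | Format-List
if (-not $ap.AutoRunFullyDisabled -or -not $ap.AutoPlayOff) {
    # Assumed desired state: removable media should prompt, never run a program.
    Write-Warning 'AutoRun/AutoPlay is not fully disabled; an update may have reset it.'
}
```

Run it once after imaging a machine and again after each cumulative update; diff the two startup listings and treat any new command or a changed AutoPlay value as something to explain before accepting it.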