“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. “Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.”

  • 0x0@programming.dev
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    3
    ·
    3 hours ago

    Who would’ve thought replacing a BIOS with what’s essentially a micro-computer would open a can of worms…

    • Eximius@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      edit-2
      3 hours ago

      BIOS was always a micro computer… it’s just more standardized now.

      And especially things like IPMI (which is essentially a company-sanctioned backdoor to any intel server) which has a full on webserver with an unknown number of threat vectors, things like this really fall flat for security.

      Just because threats are found for UEFI (an open standard), it means nothing in grand scheme of things, just that it is more observed and more easily dissected for nefariousness.