New Intel Firmware Boot Verification Bypass Enables Low-Level Backdoors

itwbennett writes: At the Hack in the Box conference in Amsterdam this week, researchers Peter Bosch and Trammell Hudson presented a new attack against the Boot Guard feature of Intel's reference UEFI implementation, known as Tianocore. The attack, which can give an attacker full, persistent access, involves replacing a PC's SPI flash chip with one that contains rogue code, reports Lucian Constantin for CSO. 'Even though such physical attacks require a targeted approach and will never be a widespread threat, they can pose a serious risk to businesses and users who have access to valuable information,' writes Constantin. Intel has patches available for Tianocore, but as we all remember from the Meltdown and Spectre vulnerabilities, distributing UEFI patches isn't an easy process.

Read more of this story at Slashdot.