UEFI ransomware may brick your BRIX

Subject: General Tech | April 5, 2017 - 12:37 PM |
Tagged: gigabyte, brix, uefi, ransomware

Be careful what you do with your BRIX as two rather unpleasant vulnerabilities were disclosed at a recent BlackHat event.  Gigabyte did not implement two security features which these exploits take advantage of, there is no write protection on the UEFI firmware nor a system of cryptographic signatures on UEFI firmware files which can let any file update the UEFI.  While the proof of concept demonstration only prevented the infected BRIX from booting again, this could also be used to infect your machines UEFI quietly and in a way extremely difficult to repair, you would need a UEFI update that wrote over every sector of the firmware to ensure you removed the bugs.  Pop by Slashdot for more on this depressing topic.

View Full Size

"Last week, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware."

Here is some more Tech News from around the web:

Tech Talk

 

Source: Slashdot

Video News


April 6, 2017 | 10:14 AM - Posted by Anonymous (not verified)

The Android Phone Broadcom wifi chip(1) story is more of worry because I have a Samsung phone but it's not a flagship phone. And the FTC and the FCC need to require that all smart-phone makers list every chip on the phone and that chip's ODM/Maker. And The Android OS needs to have a top level button to really disable all the Wifi options in all the Apps at once because just disabling the Wifi does not stop the Wifi from passing MAC frames to any wifi in the area even with the wifi "Software disabled". I'd pay extra for a smart phone with a hardware switch that disables the wifi antenna.

And all phones should be able to push updates to even phones without data plans. My old feature flip-phone's GSM(Only) stopped working reliably on T-Mobile's GSM network so I had to purchase a smart phone to get a device that even offered G3 connectivity(My Samsung smart phone offers G4 also). Because I have a legacy prepaid plan from when I purchased the feature flip-phone so that service and the phone number was transfered over to the smart phone without any data plan.

Does anyone know if the Samsung On5 uses the Broadcom wifi chip?

I just want a phone to make phone calls and I wish that T-Mobile will start selling Flip-Phones with that new chip from Qualcomm. Qualcomm is launching a new feature phone chip(2) the Snapdragon 205 and I'll galdly pay $150.00 for a new Flip phone with a dumb phone OS that does not need to be updated like Android(all the time with security problems) smart phones do becaue of security issues. Dumb OS runnning feature flip phone's with G3 and above cell radios are as rare as hen's teeth.

(1)

"Android devices can be fatally hacked by malicious Wi-Fi networks

Broadcom chips allow rogue Wi-Fi signals to execute code of attacker's choosing."

https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vu...

(2)

"Qualcomm launches the Snapdragon 205, a high-end low-end SoC
Feature phones just got a huge helping of new features"

http://semiaccurate.com/2017/03/20/qualcomm-launches-snapdragon-205-high...

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.