big security hole for millions of motherboards

big security hole for millions of motherboards

The BIOS, or UEFI in its less austere evolution usable with the mouse, is the small system integrated into the motherboard which is used to make an inventory of the components and interfaces of your computer when it starts up. It loads before the main Windows or Linux operating system present on your hard disk, flash disk, USB key or optical media, thanks to which you can use your software, online services and peripherals.

And it's this BIOS, or UEFI, that we're going to talk about here. At a CanSecWest computer security conference, researchers Corey Kallenberg and Xeno Kovah revealed theexistence of a flaw. Thanks to a tool specially designed and adaptable to the various BIOS developed by the main brands of motherboards, including Asus, Gigabyte and MSI, an attacker can infect the system to spy on it or simply make it unusable. The NSA would not have deprived itself of taking advantage of the thing.

MSI UEFI An MSI motherboard BIOS (click to enlarge)

But above all, the very many vulnerable machines may not see this gap filled anytime soon. Very few users are update BIOS of their motherboard, which is however a system like any other and which therefore has its flaws to be closed. Because you can reinstall your Windows or Linux system as many times as you want, it won't change anything. The flaw will remain until the BIOS is updated. The files and procedures are generally available from manufacturers' sites, in support or driver sections. You know what you have left to do…