UEFI Firmware Vulnerabilities

Hewlett-Packard

Hewlett-Packard or HP is a multinational information technology company that is widely known for their consumer-grade electronic equipment. Most offices today will use HP in some form, whether that be through their laptops, monitors, printers etc. HP was the leading PC manufacturer from 2007-2013, this alone shows us how widespread HP products are, which makes it even more significant when there are critical flaws in their systems. 

What is UEFI

UEFI stands for Unified Extensible Firmware Interface, it defines the interactions between an operating system and the machine firmware. UEFI is a replacement of the BIOS and is also backwards compatible with it. They support remote diagnostics and repair even when there is no operating system.

Why firmware flaws are bad

Since firmware is what allows the machine to boot up, firmware flaws leave the machine vulnerable to attacks before they even boot. Once malicious code has been injected into your machine within the firmware, it is hard to detect and remove since it evades hard resets and a majority of security measures. Another concern regarding malicious access to the firmware is the fact that an attacker can brick a computer by preventing it from booting.

What the specific issue with HP UEFI is

One of the most concerning flaws fixed in this most recent patch is the vulnerability in the System Management Mode, which allows the execution of arbitrary code with the highest privileges. 

According to the U.S Commerce and Homeland Security, “Securing the firmware layer is often overlooked, but it is a single point of failure in devices and is one of the stealthiest methods in which and attacker can compromise devices at scale.”

References:

https://thehackernews.com/2022/03/new-16-high-severity-uefi-firmware.html

https://www.bleepingcomputer.com/news/security/hp-patches-16-uefi-firmware-bugs-allowing-stealthy-malware-infections/

Join the Conversation

52 Comments

  1. It is scary to think that the firmware layer is a single point of failure in devices. I learned that it is one of the stealthiest method in which attacker can compromise a device from this article. I have encountered UEFI in my BIOS before but never really knew what it did or was, but I do now.

  2. Interesting Post! I always thought firmware protects the devices but never thought it causes failure in devices. i never really had knowledge about firmware but its scary that it’s vulnerable and makes hackers job easy to access private data.

  3. I must say I did not know about this firmware flaw until now. I also currently own a HP laptop. I have all of my school stuff on it and I for sure do not want to lose any data. I can never know when my firmware might fail making my laptop vulnerable to attacks. I think this issue should be looked at in more depth. On the other hand just to keep data safe users can keep their data backed up at all times. Interesting post!!

  4. Thanks for the interesting topic. I did actually consider using it when I was using my old HP. It is scary to know that there is a cyber-risk accompanies with its benefits to the laptop.

    1. Exactly I agree with your statement. It is quite scary that you might be sitting on a timebomb that could go off at any moment. I would imagine the devastation that this has caused to the company and its users. I am sure people would think twice before settling for HP or something similar. But I hope that HP learns its lessons and makes a promise to never let this happen again.

  5. Wow, I clicked this because of how I used to own an HP laptop because they were giving it for free if you switched to Telus! It’s always interesting to see huge and basically certified companies sell products that I big vulnerabilities like this. It was also very interesting to see that a hard reset sometimes isn’t able to get rid of malware because of how it hides in the system.

  6. Thanks for introducing this issue in the post, though I would have liked to see more information on the matter. Because HP is widely used throughout society, this error should be fixed ASAP. But, fortunately, there are alternatives from HP that consumers can acquire instead. At least I am not using an HP laptop! Regardless, HP must fix this error immediately to prevent its customers from being compromised. Given how HP is widely trusted in society, these kinds of errors will greatly damage the company’s reputation.

    1. Well, that is not to say that other devices do not have their own set of problems. HP was just the unlucky one to get caught up in this mess. Ipads and Mac could have firmware issues that are not known publically but are well-known underground. What should happen I believe is to create a separate entity whose main purpose is to supervise these errors or flaws and prevent any leakage outside to the underground stream. I think this would go a long way to ensure protection from future attacks. Additionally, the fact that the company’s reputation is on the line should be a great motivator to ensure that these problems do not surface again.

  7. Users should back up all of their data as a precaution. I’m surprised to see that the firmware layer is frequently disregarded, yet it is a single point of failure in devices and one of the most stealthy ways for an attacker to compromise devices at scale.Great post!

    1. It is insane how the vulnerability in the System management mode existed in the first place as if someone with malicious intents gets access to it, the defender cannot do anything and the attacker can very easily brick them while hacking away at their data. UEFI firmware replaces BIOS and add more functionality, so it have better protection.
      UEFI malware is absurdly scary as it can avoid normal detection and can still remain in the system after its has been deleted, so the malware is resilient and very damaging. This is a serious issue, luckily HP have fixed their problem but they should be more careful in the future as their users will suffer a lot if another UEFI malware hits them.

  8. I did not think that firmware could be a vulnerability like it is here. Gaining access to a System Management Role could give unlimited access to an attacker. It is good that HP fonud this vulnerability before it became a wide spread problem. The concept of losing all of your data due to this kind of problem is scary and hopefully a similar type of vulnerability does not come up again.

  9. Good lord, how exactly does a massive company like HP allow a flaw that allows the execution of arbitrary code at the highest privilege level to be distributed to so many users. It’s incredible just how vulnerable so much of our technology truly is. It’s also interesting to look at firmware hacks, since I’d wager that most people aren’t even really aware of what firmware is, and yet a vulnerability in a system’s firmware is arguably so much worse than a simple software vulnerability.

  10. Good Post! The recently fixed flaw in the System Management mode sounds quite scary. Having an area where one can execute arbitrary code with the highest privilege and is immune to system resets and other security measures is a glaring flaw! An attacker could essentially gain free and uninhibited access to a device, and they could have that access be safe from security sweeps or system resets. I’m glad that they fixed this issue, considering how popular and widespread HP devices are, the potential for a disaster was enormous.

  11. It is very easy to overlook the firmware layer and companies like HP should pay close attention and perform sufficient testing before releasing their firmware. At the firmware level, if there is a flaw like the one mentioned above, hackers can gain complete access to a system which is pretty scary.

  12. Cool post! It is interesting that there are replacements to stuff like BIOS which I have always had for my personal computers. Your post does a great job highlighting the importance of making sure that these firmware are airtight as you mentioned that a single flaw can result in a huge opportunity for malicious lines of code to run rampant on a PC. While it is cool to see companies creating alternatives, I hope that they test these intensively as a single mistake could cause thousands of people a lot of harm.

  13. UEFI vulnerabilities are always scary due to how close they function to the hardware, allowing attackers to access information from a very root level when exploiting these vulnerabilities. A vulnerability such as this which allows you to run code at levels higher than they should is quite problematic, especially with how this same firmware is probably being used on thousands of devices. It’s a good thing they’ve patched it, here’s to hoping most of the users who have the outdated firmware will actually update it.

  14. Great post! Hearing that UEFI is a “single point of failure” and that it’s a really stealthy way of exploiting vulnerable machines is quite concerning. Do you know if HP has made any statements on this or are patching/have already patched this issue?

  15. This is an interesting post. HP has loopholes in the system management mode, and system defects will damage customers. Unexpectedly, the attacker will destroy the computer through firmware. The aggressiveness of malicious code that is difficult to detect and delete will cause serious damage to the computer. This will greatly reduce users’ trust in HP. HP should fix this loophole as soon as possible to ensure the safety of customers and avoid damaging the company’s reputation.

  16. This is an interesting topic! The bug in System Management mode allows attackers to run arbitrary code with the highest privileges and is unaffected by system resets or other security measures. I’m delighted they addressed it because, given how popular and broad HP products are, there was a huge risk of a calamity.

  17. After reading your post, I have been thinking if there are widespread vulnerabilities within my device. This is a great concern for everyone since very few companies corner the market on computers such as Microsoft, Apple, Toshiba, and Google to name a few. If they overlooked a small critical piece, this could translate into a massive setback for all individuals who use the device. That is not to mention that Google chrome books are used widely in schools and an attack on the firmware could lead to immense damage as people with the access could use it for evil purposes that they see fit. I hope companies would take note of this and hope to resolve their own underlying issues. We could be owning a device with a plethora of vulnerabilities that may not be apparent to our eye but is existent within our systems.

  18. Good post! My last laptop is from HP. Can’t imagine what would happen if this type of firmware infects my PC. Recently, plenty of potential flaws were found in well-known companies. Manufacturers should prevent the spread of potential flaws and eliminate them before these flaws cause wider range of problems and panics.

  19. A vulnerability that could allow malicious code to persist across OS installs and hard drive replacements? As far as points of failure go, this is close to as severe as it can get. Plus, any malware that might leverage these vulnerabilities could be totally undetectable, since the firmware sits above both the bootloader and the operating system. It’s like a rootkit for rootkits LOL

  20. Great post! I had no clue that there was such a serious vulnerability in the UEFI firmware. This is pretty serious because their HP laptops are very popular. I don’t personally use one but I know many people that do. I am happy to hear that this bug was addressed because this would’ve been a very big issue.

  21. This reminds me of my father puting a password at the BIOS level instead of the OS to keep me out of my laptop. You can always bring in a fresh installation but getting through that black and blue password screen isn’t as easy. Looking at this flaw I am unsure of its severity as in order for someone to utilize it they would have the ability to access the UEFI but again who puts a password on that let alone knowing that you can actually put a password on it.

  22. Pingback: Learn More
  23. Pingback: connetix
  24. Pingback: jarisakti
  25. Pingback: sell weapons
  26. Pingback: wa dultogel
  27. Pingback: Sylfirm
  28. Pingback: Sylfirm
  29. Pingback: Funny videos
  30. Pingback: metadona droga
  31. Pingback: Dental
  32. Pingback: ยิง sms

Leave a comment