{"id":2853,"date":"2022-03-30T13:10:22","date_gmt":"2022-03-30T19:10:22","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2853"},"modified":"2022-03-30T13:10:26","modified_gmt":"2022-03-30T19:10:26","slug":"uefi-firmware-vulnerabilities","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/30\/uefi-firmware-vulnerabilities\/","title":{"rendered":"UEFI Firmware Vulnerabilities"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Hewlett-Packard<\/h4>\n\n\n\n

Hewlett-Packard or HP is a multinational information technology company that is widely known for their consumer-grade electronic equipment. Most offices today will use HP in some form, whether that be through their laptops, monitors, printers etc. HP was the leading PC manufacturer from 2007-2013, this alone shows us how widespread HP products are, which makes it even more significant when there are critical flaws in their systems.\u00a0<\/p>\n\n\n\n

What is UEFI<\/h4>\n\n\n\n

UEFI stands for Unified Extensible Firmware Interface, it defines the interactions between an operating system and the machine firmware. UEFI is a replacement of the BIOS and is also backwards compatible with it.\u00a0They support remote diagnostics and repair even when there is no operating system.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Why firmware flaws are bad<\/h4>\n\n\n\n

Since firmware is what allows the machine to boot up, firmware flaws leave the machine vulnerable to attacks before they even boot. Once malicious code has been injected into your machine within the firmware, it is hard to detect and remove since it evades hard resets and a majority of security measures. Another concern regarding malicious access to the firmware is the fact that an attacker can brick a computer by preventing it from booting.<\/p>\n\n\n\n

What the specific issue with HP UEFI is<\/h4>\n\n\n\n

One of the most concerning flaws fixed in this most recent patch is the vulnerability in the System Management Mode, which allows the execution of arbitrary code with the highest privileges. <\/p>\n\n\n\n

According to the U.S Commerce and Homeland Security, \u201cSecuring the firmware layer is often overlooked, but it is a single point of failure in devices and is one of the stealthiest methods in which and attacker can compromise devices at scale.\u201d<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

References:<\/p>\n\n\n\n

https:\/\/thehackernews.com\/2022\/03\/new-16-high-severity-uefi-firmware.html<\/a><\/p>\n\n\n\n

https:\/\/www.bleepingcomputer.com\/news\/security\/hp-patches-16-uefi-firmware-bugs-allowing-stealthy-malware-infections\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Hewlett-Packard Hewlett-Packard or HP is a multinational information technology company that is widely known for their consumer-grade electronic equipment. Most offices today will use HP in some form, whether that be through their laptops, monitors, printers etc. HP was the leading PC manufacturer from 2007-2013, this alone shows us how widespread HP products are, which … <\/p>\n

Continue reading “UEFI Firmware Vulnerabilities”<\/span><\/a><\/p>\n","protected":false},"author":343,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-2853","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Nathanael Huh","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/nathanael-huh\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/343"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=2853"}],"version-history":[{"count":1,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2853\/revisions"}],"predecessor-version":[{"id":2856,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2853\/revisions\/2856"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=2853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=2853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=2853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}