Geeks for your information
Watch researchers remotely brick a server by corrupting its BMC & UEFI firmware - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Watch researchers remotely brick a server by corrupting its BMC & UEFI firmware (/showthread.php?tid=4851)



Watch researchers remotely brick a server by corrupting its BMC & UEFI firmware - silversurfer - 19 December 18

Quote:In a proof-of-concept video published today, security researchers from Eclypsium have shown that firmware attacks can be just as dangerous and damaging as infections with ransomware or disk-wiping malware.

Their proof-of-concept attack is aimed at servers that feature a Baseboard Management Controller (BMC), a chip-on-chip system that allows for remote system management operations.

The attack portrayed in the video requires an attacker to gain access to a server beforehand, but researchers argue this isn't a big issue in today's software landscape where almost any software product is affected by a remotely exploitable vulnerability, and enterprises are plagued by password reuse and default credentials.

Once an attacker has a foothold on a system, the Eclypsium team says they can use the Keyboard Controller Style (KCS) interface to interact with the BMC.

Source: https://www.zdnet.com/article/watch-researchers-remotely-brick-a-server-by-corrupting-its-bmc-uefi-firmware/