Watch researchers remotely brick a server by corrupting its BMC & UEFI firmware

[silversurfer]

In a proof-of-concept video published today, security researchers from Eclypsium have shown that firmware attacks can be just as dangerous and damaging as infections with ransomware or disk-wiping malware.

Their proof-of-concept attack is aimed at servers that feature a Baseboard Management Controller (BMC), a chip-on-chip system that allows for remote system management operations.

The attack portrayed in the video requires an attacker to gain access to a server beforehand, but researchers argue this isn't a big issue in today's software landscape where almost any software product is affected by a remotely exploitable vulnerability, and enterprises are plagued by password reuse and default credentials.

Once an attacker has a foothold on a system, the Eclypsium team says they can use the Keyboard Controller Style (KCS) interface to interact with the BMC.

Source: https://www.zdnet.com/article/watch-rese...-firmware/