On Sat, Mar 17, 2018 at 9:53 AM, Fast Turtle <ftur...@gmail.com> wrote: > > All this does is makes damn sure I will not buy any used hardware > since you can change embed into the UEFI firmware what ever you want -
To be fair that is hardly anything new either. Sure, this particular attack is new, but the concept has been around for a while. The NSA was even dropping code into hard drive firmware. I suspect the reason firmware attacks aren't more common is that they're more useful for things like espionage (government or corporate) where actually profiting from the stolen data requires investments, and the fact that firmware programming is a fairly obscure discipline. That and they require getting to the firmware in the first place, which often requires physical access, or tampering with equipment before it is purchased. The NSA can give UPS a check for $10k to bump your 2-day delivery to "hand-carry on private jet with a brief stop at this nondescript building." The average hacker doesn't have that option. -- Rich