RalfMaximus

@dangoodin

Honest question, promise I'm not trolling: again, how would an attack in the wild occur using the compromised key?

I've got Windows Defender, UAC, and Malwarebytes running. I try to install an infected firmware update via its exe. One or all 3 of those tools should intercept the attempt.

If I ignore the warning(s) and proceed to install compromised firmware, that's on me at that point. Right?

5 comments
Zoarial94

@ralfmaximus @dangoodin Sorry, I answered a question you didn't even ask in my last post. Such a low-level attack would probably mean that you are a person of interest. It's probably the kind of thing where a state-sponsored actor would use zero-days to get installed. But also, yes, there are people who are willing to bypass everything or turn off an anti-virus to install cheat software or whatever else they think they're installing.

Zoarial94

@ralfmaximus @dangoodin It's also a good thing to have defense in depth. Considering that all software can be compromised, you want as many layers as possible. You would hope that there is another level of security preventing the motherboard firmware from being compromised if the OS is compromised as well.

J. "Henry" Waugh

@ralfmaximus @dangoodin all three have been bypassed multiple times over the years, and installed a variety of rootkits on millions of systems to create e.g. botnet networks.

There have also been various other Windows API and kernel driver flaws where the malicious software evaded their scans, which are typically "event driven".

Now imagine a rootkit where a secure erase of the disk and clean Windows reinstall would not remove it...

Bench Mark

@ralfmaximus There have been many attacks where none of those protections worked.

I read in the German-language "c't" published by @heiseonline that Secure Boot was poorly designed.

Farce Majeure

@ralfmaximus @dangoodin with PKpriv you can sign updates to the trust databases and (for example) install your own bootloader that backdoors everything.

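The last comment points at the trust databases a platform key controls (PK, KEK, db and dbx). The defender's counterpart is to audit what those variables on a machine actually contain and compare each entry's fingerprint against whatever list of keys the vendor or an advisory says should no longer be trusted. The script below is an added example and is not code from the thread or from any vendor: it parses the EFI_SIGNATURE_LIST structures the variables are stored in (GUIDs are the ones from the UEFI specification; the efivarfs path and the 4-byte attribute prefix are the Linux layout) and flags entries whose SHA-256 matches an administrator-supplied list. The sample PK payload, its owner GUID and the fingerprint list are constructed for the demonstration and are not a real key or a real blocklist.

```python
"""Audit UEFI Secure Boot trust databases (PK, KEK, db, dbx) for untrusted entries.

Added example, not from the thread or any project. Parses EFI_SIGNATURE_LIST
blobs and compares each entry's SHA-256 fingerprint against a list the
administrator supplies (for instance from a vendor advisory about a leaked key).
"""
import hashlib
import struct
import uuid
from dataclasses import dataclass
from pathlib import Path

# Well-known GUIDs from the UEFI specification.
EFI_GLOBAL_VARIABLE = uuid.UUID("8be4df61-93ca-11d2-aa0d-00e098032b8c")
EFI_IMAGE_SECURITY_DATABASE = uuid.UUID("d719b2cb-3d3a-4596-a3bc-dad00e67656f")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

# Variable name -> vendor GUID, as the files are named under /sys/firmware/efi/efivars.
SECURE_BOOT_VARS = {
    "PK": EFI_GLOBAL_VARIABLE,
    "KEK": EFI_GLOBAL_VARIABLE,
    "db": EFI_IMAGE_SECURITY_DATABASE,
    "dbx": EFI_IMAGE_SECURITY_DATABASE,
}

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize.
SIGLIST_HDR = struct.Struct("<16sIII")


@dataclass(frozen=True)
class SigEntry:
    var: str
    sig_type: uuid.UUID
    owner: uuid.UUID
    data: bytes  # DER certificate for X509 lists, raw hash for SHA256 lists

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.data).hexdigest()


def parse_signature_lists(var: str, blob: bytes) -> list:
    """Walk the concatenated EFI_SIGNATURE_LISTs that make up a variable's payload."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HDR.size:
            raise ValueError(f"{var}: truncated EFI_SIGNATURE_LIST header at offset {off}")
        raw_type, list_size, hdr_size, sig_size = SIGLIST_HDR.unpack_from(blob, off)
        body_start = off + SIGLIST_HDR.size + hdr_size
        body_end = off + list_size
        if list_size < SIGLIST_HDR.size or body_end > len(blob) or body_start > body_end:
            raise ValueError(f"{var}: bad SignatureListSize/SignatureHeaderSize at offset {off}")
        # Each EFI_SIGNATURE_DATA is a 16-byte SignatureOwner GUID followed by the data.
        if sig_size <= 16 or (body_end - body_start) % sig_size:
            raise ValueError(f"{var}: SignatureSize {sig_size} does not tile the list at {off}")
        sig_type = uuid.UUID(bytes_le=raw_type)
        for pos in range(body_start, body_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append(SigEntry(var, sig_type, owner, blob[pos + 16:pos + sig_size]))
        off += list_size
    return entries


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, payloads) -> bytes:
    """Encode equal-length payloads as one EFI_SIGNATURE_LIST (used here to build sample data)."""
    sig_size = 16 + len(payloads[0])
    if any(len(p) != sig_size - 16 for p in payloads):
        raise ValueError("all signatures in one list must have the same size")
    body = b"".join(owner.bytes_le + p for p in payloads)
    return SIGLIST_HDR.pack(sig_type.bytes_le, SIGLIST_HDR.size + len(body), 0, sig_size) + body


def read_efivar(var: str, efivars=Path("/sys/firmware/efi/efivars")) -> bytes:
    """Read a Secure Boot variable from efivarfs; the first 4 bytes are attributes, not data."""
    return (efivars / f"{var}-{SECURE_BOOT_VARS[var]}").read_bytes()[4:]


def audit(entries, untrusted_fingerprints) -> list:
    """Return the entries whose SHA-256 fingerprint appears on the untrusted list."""
    bad = {f.lower() for f in untrusted_fingerprints}
    return [e for e in entries if e.sha256 in bad]


# Constructed sample data: a stand-in payload, not a real certificate or key.
SAMPLE_PK_CERT = b"\x30\x82\x00\x10CONSTRUCTED-SAMPLE-NOT-A-REAL-CERT"
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_PK_BLOB = build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [SAMPLE_PK_CERT])
# Placeholder blocklist; an administrator would fill this from a vendor advisory.
UNTRUSTED_FINGERPRINTS = {hashlib.sha256(SAMPLE_PK_CERT).hexdigest()}


def demo() -> list:
    """Parse the constructed PK blob and report which entries are on the blocklist."""
    return audit(parse_signature_lists("PK", SAMPLE_PK_BLOB), UNTRUSTED_FINGERPRINTS)


if __name__ == "__main__":
    # On a Linux system with efivarfs mounted, audit the live variables instead of the sample.
    for name in SECURE_BOOT_VARS:
        try:
            found = parse_signature_lists(name, read_efivar(name))
        except FileNotFoundError:
            print(f"{name}: variable not present")
            continue
        for e in found:
            flag = "UNTRUSTED" if e.sha256 in UNTRUSTED_FINGERPRINTS else "ok"
            print(f"{name}: type={e.sig_type} owner={e.owner} sha256={e.sha256} {flag}")
```

Fingerprints of DER certificates are what most advisories publish, so hashing the raw entry data is enough to match them without an X.509 library; a SHA256-type list (such as dbx) is handled by the same loop because its entries are simply 32-byte hashes after the owner GUID. A matching PK entry means the board will accept KEK and db updates signed by that key, which is the situation the comment above describes.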