Many PC models from top brands have faced security breaches due to a weak BIOS password. Researchers from Binarly (thanks Ars Technica), a security firm, revealed that the Secure Boot system, which ensures only trusted software boots up a device, was compromised on over 200 models. These models include those from Acer, Dell, Gigabyte, Intel, and Supermicro.
The root cause of this breach was a cryptographic key protected by just a four-letter password. This key is crucial for Secure Boot and is used by multiple manufacturers. The key was leaked online, leading to a significant security vulnerability. Binarly detected the leak in early 2023 and released a detailed report outlining the issue. They noted that device makers reused old keys without rotating them, which further exacerbated the problem.
Some affected systems include Alienware gaming desktops and laptops. For these compromised devices, the leak allows malware to execute during system boot, bypassing Secure Boot. Only a direct firmware update can secure these affected devices.
However, brands involved claim they have patched or decommissioned the compromised systems. Binarly’s disclosure aims to inform users about the historical breach and highlight the importance of proper security implementations. The incident emphasizes that even well-designed security features can fail if not correctly executed.
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…
Heavy Equipment Bundle: Includes a steering wheel for heavy machinery, gas and brake pedals, and…
Low-profile Keys for an ergonomic gaming experience. With slimmer keycaps and shorter switches, enjoy natural…
Size & style: Ambidextrous lightweight mouse for gaming. Built for speed, control and comfort, with…