The Unified Extensible Firmware Interface (UEFI) is the new type of firmware that replaces Basic Input/Output System (BIOS) firmware on PCs. Among other new features, UEFI supports security mechanisms like Secure Boot for Windows. Unfortunately, a researcher found a flaw in Lenovo’s UEFI that could allow attackers to bypass this mechanism. Watch the video to learn more.
(Episode Runtime: 2:21
Direct YouTube Link: https://www.youtube.com/watch?v=jlXtXG8YdKM
EPISODE REFERENCES:
- News article on Lenovo firmware exploit – Network World
- Cr4sh’s blog post on Lenovo UEFI flaw – Cr4.sh
- ThinkPwn readme – Github
- ThinkPwn Pr00f-of-Concept exploit – Github
- Lenovo’s security advisory on firmware vulnerability – Lenovo
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply