Today
all Platform UPS Manufacturing security Updates reports experts
Today news
About the same in other media
More
Platform UPS Manufacturing security Updates reports experts

Hard to believe but Secure Boot BIOS security has been compromised on hundreds of PC models from big brands because firmware engineers used four-letter passwords

Platform UPS Manufacturing security Updates reports experts
Reading now: 290
pcgamer.com
pcgamer.compcgamer.com:

Now, I'll admit my own password hygiene isn't always the best, though I have graduated from the days when I used «xxxxxx» for a few non-critical accounts under the reverse psychology assumption that it's so obviously insecure, nobody would bother trying it. Genius, I know. But even I realise a four-character password is a big no-no.

And yet that's exactly what was used to protect an encrypted file that was critical to the fundamental integrity of the Secure Boot, a UEFI BIOS security layer designed to ensure that a device boots using only the software that is trusted by the PC maker itself.

Ars Technica reports that, «researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, HP, Intel, Lenovo, Supermicro and others. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022.» Ouch.

Apparently, a critical cryptographic key for Secure Boot that forms the root-of-trust anchor between the hardware device and the UEFI firmware that runs on it and is used by multiple hardware manufacturers was published online, protected only by a four-character password. Security outfit Binarly spotted the leak in early 2023 and has now published a full report outlining the timeline and development of the problem.

Part of the problem, as we understand it, is device makers basically using the same old keys over and over again. To quote Binarly, the security failure involves, «no rotation of the platform security cryptographic keys per product line. For example, the same cryptographic keys were confirmed on client and server-related products. Similar behavior was detected with Intel Boot Guard reference code key leakage. The same OEM used the same platform security-related cryptographic keys for firmware produced for different device manufactures. Similar behavior was detected with Intel Boot Guard reference code key leakage.»

The report includes a list of

Read more on pcgamer.com
All news from pcgamer.com
About this in other media
tech.hindustantimes.com
10 best smartwatch under ₹5000 in India: Feature-packed models from Noise, Samsung, Fire-Boltt and more tech.hindustantimes.com /3 months ago
tech.hindustantimes.com
Best Laptop Brands: Top 10 laptop models from Apple, Dell, HP and more tech.hindustantimes.com /3 months ago
gamesradar.com
Risk of Rain 2 lead says new owner Gearbox has done right by the roguelike icon: "What Gearbox has allowed us to do and create has been incredibly exciting and fun" gamesradar.com /3 months ago
Show more
The website gamebastion.com is an aggregator of news from open sources. The source is indicated at the beginning and at the end of the announcement. You can send a complaint on the news if you find it unreliable.

Related News

21.08 / 02:44
gematsu.com
PC Tencent shooter Delta Force launches in Early Access for PC in Q4 2024
Delta Force, formerly Delta Force: Hawk Ops, will launch in Early Access for PC via Steam and Epic Games Store in Q4 2024, publisher Level Infinite and developer TiMi Studio Group announced. It will also be playable in October during Steam Next Fest. A full release will follow for PlayStation, Xbox, PC, iOS, and Android.
21.08 / 02:43
wowhead.com
Extreme War Discipline Priest Hero Talent Showdown in The War Within - Oracle vs. Voidweaver
21.08 / 02:40
gematsu.com
Mobile PC Adventure PS5 Nintendo NetEase Games announces floating islands life simulation game Floatopia for PS5, Xbox Series, Switch, PC, iOS, and Android
21.08 / 02:27
screenrant.com
Stealth UPS Why The First Descendant's Two Best Characters Desperately Need To Be Reworked
21.08 / 02:25
wowhead.com
Datamined S1 Dungeon Tuning for August 20th (Part 3)
21.08 / 02:24
screenrant.com
Adventure 10 Underrated D&D Locations That Should Get Campaigns With The 2024 Core Rulebooks
21.08 / 02:04
gematsu.com
Action PC Xbox One Adventure PS4 Nintendo Ruffy and the Riverside launches in Q1 2025
21.08 / 02:04
gematsu.com
RPG PC Xbox One PS4 PS5 Diablo IV expansion ‘Vessel of Hatred’ – ‘Mercenaries’ trailer
21.08 / 02:01
ign.com
Starfield Update 1.13.61 Full Patch Notes Details New Settings and Other Additions as Starfield Becomes Carfield
21.08 / 01:59
wowhead.com
War The War Within Pre-Patch Hotfixes - Importing Shaman Talents
21.08 / 01:50
techradar.com
Action UPS Indiana Jones and the Great Circle launches on Xbox and PC in December - and comes to PS5 in Spring 2025
21.08 / 01:42
gamingbolt.com
Xbox Series X Mihoyo Genshin Impact Genshin Impact Launches for Xbox Series X/S on November 20
21.08 / 01:10
techradar.com
UPS hack-and-slash Amazon Games reveals King of Meat, a new co-op hack-and-slash title from UK developer Glowmade
21.08 / 01:08
techradar.com
Action Adventure Dying Light: The Beast debuts at Gamescom 2024's Opening Night Live show
21.08 / 01:07
techradar.com
UPS Dune Awakening's new gameplay trailer explores the planet of Arrakis
21.08 / 01:05
rockpapershotgun.com
RPG PC Open world shooter All five of you will get a free buggy when you next boot up Starfield
21.08 / 01:04
techradar.com
UPS Lost Records: Bloom & Rage will launch in two parts in early 2025
21.08 / 01:04
techradar.com
UPS Cooper Nintendo Civilization 7 launches on PC, PlayStation, Xbox, and Nintendo Switch in February, 2025
21.08 / 01:03
techradar.com
UPS Kingdom Come Deliverance 2 trailer shows off gorgeous open world and brutal combat at Opening Night Live
21.08 / 01:02
gematsu.com
Action PC Roguelike Medievalpunk roguelike action game Reignbreaker announced for PC
21.08 / 01:00
gamingbolt.com
PC Xbox Series X PS5 The First Berserker: Khazan Will Release in Early 2025
21.08 / 00:58
techradar.com
UPS NYT Connections today — hints and answers for Wednesday, August 21 (game #437)
21.08 / 00:54
techradar.com
Stealth UPS Monster Hunter Wilds trailer at Gamescom 2024 shows off spooky spiders and electric wyverns
21.08 / 00:50
techradar.com
UPS CEO Software Borderlands Borderlands 4 has officially been announced
21.08 / 00:41
gamesradar.com
Platform Puzzle Assurant Music Little Nightmares 3 looks fantastic in its new gameplay trailer, and so does this other game from the original devs that feels just like Little Nightmares
21.08 / 00:40
gamesradar.com
Mobile Palworld dev is happy to see Black Myth: Wukong overtake the survival game's steam record: "We won't see another game reach these heights until probably GTA 6"
21.08 / 00:37
gamesradar.com
UPS Extreme Borderlands skeleton Borderlands 4 already has something that the Borderlands movie's PG-13 rating doesn't: the promise of "Intense Violence or Gore"
21.08 / 00:35
gamesradar.com
Adventure UPS Discover Life is Strange Double Exposure devs on bringing back Max: "everybody now has the Max in their heads that we have to compete with"
21.08 / 00:32
rockpapershotgun.com
PC PS5 Herdling sees you guide some loveable beasts towards a mysterious summit
21.08 / 00:31
wccftech.com
UPS Extreme NVIDIA ASUS Unveils ROG SWIFT OLED PG27AQDP “480Hz QHD” Gaming Monitor For $999 & ROG STRIX OLED “360Hz QHD” XG27ACDNG
21.08 / 00:24
wowhead.com
Datamined S1 Dungeon Tuning for August 20th (Part 2) - Increased Count from Mobs
21.08 / 00:23
pcgamer.com
Action RPG We asked Black Myth: Wukong's developer about the controversy over its founders' past sexist remarks, but GameScience's only reply was 'No comment'
21.08 / 00:23
gamesradar.com
UPS Indiana Jones and the Great Circle DLC is coming and Xbox just revealed it in the most casual way possible
21.08 / 00:20
digitaltrends.com
Fighting New Dune: Awakening gameplay trailer showcases the dangerous world of Arrakis
21.08 / 00:15
gamesradar.com
UPS My Gamescom excitement comes crashing down as my most-wanted open-world game is delayed to 2025: Hyper Light Breaker devs need more time to get it "polished"
21.08 / 00:14
gamesradar.com
UPS Digital Indiana Jones and the Great Circle Collector's Edition comes with 3 days' early access and a conspiracy theory-covered globe
21.08 / 00:05
rockpapershotgun.com
Puzzle PC Stealth exploration Indiana Jones And The Great Circle releases December 9th, will hopefully contain gameplay by that point
21.08 / 00:01
wowhead.com
Overwatch Warcraft Celebrity Blizzard at Gamescom - 30th Anniversary Warcraft Events, Warcraft Direct, & Overwatch Collab!
21.08 / 00:01
wowhead.com
UPS Diablo Best Builds in Patch 1.5.1 - Midseason Tier List Updates
21.08 / 00:00
rockpapershotgun.com
PC PS5 shooter Arc Raiders, extraction shooter from The Finals' devs, is no longer free-to-play and coming 2025
21.08 / 00:00
gematsu.com
RPG PC Starfield DLC ‘Shattered Space’ launches September 30; August update now available
20.08 / 23:59
rockpapershotgun.com
PC PS5 Peter Molyneux is back with new god sim Masters Of Albion, which looks like a stripped-down Black & White
20.08 / 23:59
wowhead.com
Provident War Blizzard Updating Authority of Storms Enchant Before War Within
20.08 / 23:52
blog.playstation.com
UPS Monster Hunter Wilds: all the news from Gamescom Opening Night Live
20.08 / 23:51
pcgamer.com
Platform UPS Google Stellar Blade studio says a PC version is coming 'in the near future'
20.08 / 23:48
wowhead.com
UPS War Invisibility Potions Updated to Share Cooldown with Combat Potions
20.08 / 23:47
wowhead.com
Overwatch Warcraft Celebrity New Sylvanas Widowmaker Overwatch 2 Skin Revealed at Gamescom 2024
20.08 / 23:42
wowhead.com
Diablo Diablo 4 Patch 1.5.1 Now Live!
20.08 / 23:41
gamesindustry.biz
Virtuos acquires British indie game developer Third Kind Games
20.08 / 23:37
rockpapershotgun.com
RPG PC Xbox One PS4 PS5 Vampire: The Masquerade - Bloodlines 2 has been delayed again, this time until the first half of 2025
20.08 / 23:36
pcgamer.com
Dreams UPS 'If you fire it up, there's a build of Civilization 1 on there': The '90s PC that Sid Meier used to make the first Civilization has a whopping 16MB of memory and still works
20.08 / 23:36
rockpapershotgun.com
PC PS5 Horror Little Nightmare studio’s Reanimal is a creepy co-op adventure inspired by Wind Waker and Silent Hill 2
20.08 / 23:32
gematsu.com
PC Xbox One PS4 PS5 Nintendo Horror Little Nightmares III ‘Friendship’ trailer, screenshots
20.08 / 23:27
pcgamer.com
Action RPG UPS War Kingdom Come: Deliverance 2 imagines a medieval Europe that's mostly swords in its latest Gamescom gameplay teaser
20.08 / 23:24
rockpapershotgun.com
PC PS5 Mafia: The Old Country coming in 2025, taking the series to early 20th century Sicily
20.08 / 23:23
digitaltrends.com
Provident You can try the new Xbox Game Pass Standard tier for $1
20.08 / 23:18
gematsu.com
Action Mecha BREAK – Xbox Series closed beta test set for August 25 to 27
20.08 / 23:10
droidgamers.com
Party Adventure UPS SEGA’s Fall Guys-Style Game Sonic Rumble Enters Pre-Launch In Select Regions
20.08 / 23:08
gamesradar.com
Overwatch Simulation Infinity Marvell NetEase fishing NetEase is here to say we won't stop with Overwatch 2 challenger Marvel Rivals, here's Animal Crossing rival Floatopia
20.08 / 23:08
pcgamer.com
UPS Diablo Blizzard is bringing mercenaries back with Diablo 4: Vessel of Hatred and one of them is a literal demon
20.08 / 23:06
ign.com
UPS Citizens War Civilization 7: The First Preview
20.08 / 23:03
pcgamer.com
Software NVIDIA AMD War With Indiana Jones and the Great Circle, Black Myth: Wukong, and Star Wars Outlaws, ray tracing in games is slowly becoming an Nvidia-exclusive
20.08 / 23:00
pcgamer.com
Fighting UPS Extreme Hallmark We can finally get our hands on Path of Exile 2 when it hits early access this November
20.08 / 22:52
videogameschronicle.com
PC ‘I’ve come home to PC and console’: Peter Molyneux unveils new god game Masters of Albion
20.08 / 22:50
digitaltrends.com
Puzzle Adventure UPS Herdling is an indie game that Panic hopes is the next Firewatch
20.08 / 22:49
gamesradar.com
Twitter Borderlands Mafia: The Old Country is going "back to the roots of what fans love about the Mafia franchise," and acts as a prequel in 1900s Sicily
20.08 / 22:49
gamesradar.com
Platform Mobile UPS Fable mastermind Peter Molyneux takes to Gamescom to ask "what the hell was I doing" and announce he got "the old team back together" for a new open-world god game
20.08 / 22:49
gematsu.com
PC PS5 Horror THQ Nordic and Tarsier Studios announce co-op horror adventure game REANIMAL for PS5, Xbox Series, and PC
20.08 / 22:43
radiotimes.com
Borderlands I was at Gamescom Opening Night Live - these 16 moments were my personal highlights
20.08 / 22:43
radiotimes.com
Progressive Batman: Arkham Shadow gameplay trailer swoops into view at Gamescom
20.08 / 22:42
gamesradar.com
Fighting UPS Diablo Diablo 4: Vessel of Hatred revives the action-RPG series' 24-year-old tradition of letting you hire mercenaries to fight alongside you
20.08 / 22:35
gamingbolt.com
PC Xbox Series X Microsoft Bethesda Indiana Jones and the Great Circle Launches December 9th for Xbox Series X/S and PC, Spring 2025 for PS5
20.08 / 22:35
gamesradar.com
RPG Exodus I think Keanu Reeves is in the new Armored Core adaptation, and I can't believe no one's saying anything about it
20.08 / 22:34
gamingbolt.com
PC Xbox One Xbox Series X PS4 PS5 Dying Light: The Beast Announced, Kyle Crane Returns in Standalone Instalment
20.08 / 22:28
digitaltrends.com
UPS How to stop Steam from opening on startup
20.08 / 22:26
videogameschronicle.com
NetEase Marvel Rivals is launching in December, and all heroes will be free
20.08 / 22:24
thesixthaxis.com
Fighting Action Mafia: The Old Country announced at the end of Opening Night Live
20.08 / 22:22
gamesindustry.biz
Space Ape shuts down its nine-year-old RTS Rival Kingdoms
20.08 / 22:21
gamingbolt.com
PC Xbox Series X Microsoft Towerborne Will be Free-to-Play, Initial Early Access Release Will Miss Xbox
20.08 / 22:17
videogameschronicle.com
Batman: Arkham Shadow reveals first gameplay at Gamescom Opening Night Live
Latest News
Main Page
Persons
Art 2586
Spike Chunsoft 129
Square Enix 954
all persons
Places
Netflix 1084
Usa 4731
Finland 142
all places
Control 2 will be an action RPG
Fast-paced racing game Hot Rod Mayhem announced for PS5, Xbox Series, PS4, Xbox One, Switch, and PC
Bloodshed is Vampire Survivors meets Doom and it's a surprisingly moreish bloodbath
Shoot ’em up remake Platypus Reclayed announced for PS5, Xbox Series, PS4, Xbox One, Switch, and PC
Dragon Ball Xenoverse 2 DLC ‘Future Saga Chapter 2’ launches November 21
About Us

Gamebastion.com is the biggest games news hub for the gamers all around the world. It is your source of the latest video game news, reviews, previews, podcasts, the most exciting releases, interviews with the video gaming industry's biggest names and other gaming features. Enjoy reading just the most authoritative, up-to-date news and headlines from the video games and entertainment industry at Gamebastion. The biggest video game news, rumors, previews, and other info about the PC, PS4, Xbox, Switch, & mobile titles you play. Stay tuned & well informed 24/7 with us!

Owner: SNOWLAND s.r.o.
Registration certificate 06691200
Address:
Snowland s.r.o.
16200, Na okraji 381/41, Veleslavín, 162 00 Praha 6
Czech Republic

Categories
Info
For advertisers
Add news

©2024. All rights reserved.

DMCA