UEFI bootkit

[Lee McWhorter]

Scary...

Custom-made UEFI bootkit found lurking in the wild – Ars Technica

arstechnica-com.cdn.ampproject.org

 

[Stephen Schneiter]

Scary...

Where there is one, more will follow ...

 

[Rick Butler]

>> With this in mind, we see that UEFI continues to be a point of interest to APT actors, while at large being overlooked by security vendors.

I often wondered why we didn't see more firmware malware out there. Perhaps because it varies between different firmware vendors, but I could see this becoming more of an issue if computer manufacturers look for more and more elaborate codebases in firmware to be able to do things outside of the OS. I do think the bigger target will be towards mobile devices in the next 10 years.

/r