UEFI Vulnerabilities Found in Major Motherboard Brands
More than a dozen major motherboard manufacturers are suffering from serious UEFI vulnerabilities. The security researchers at Riot Games have identified an important weakness found in the UEFI firmware in modern motherboards manufactured by notable manufacturers. This allows an attack to leverage Direct Memory Access (DMA), thereby bypassing security measures during the pre-boot phase of the system.
How the Vulnerability Works
The DMA, short for Direct Memory Access, represents one of the many hardware functions that allow devices such as graphics cards to access system RAM directly, without CPU intervention. Beyond contract, before the operating system load, this DMA function has attained the right to exercise direct access to the hardware of the computer.
Legendly, if an IOMMU, an Input-Output Memory Management System, were to intervene at this particular stage against rogue DMA, it would act as a hardware firewall. However, the UEFI firmware flaw identified allows the firmware to disregard an unprivileged IOMMU setting. In theory, this would pave the way for an attacker to view the memory contents of an infected machine.
Affected Manufacturers
Some of the ASRock motherboards have been confirmed to be affected by Carnegie Mellon University CERT/CC. The report also suggests possible vulnerabilities in the other products offered by ASUS, GIGABYTE, and MSI. It is highly likely that the motherboards from other manufacturers might also be affected.
Recommended Action with Risk Assessment
To be safe against this vulnerability, users should go to the motherboard manufacturer's website and search for any UEFI firmware updates. It is important to install the latest one available for your model after ensuring you have performed a full backup of your data.
In most cases, however, the risks to the average user have been determined to be low. In order to exploit this vulnerability, an attacker must have physical access to the targeted computer to install a malicious PCIe device. Hence, the major concern regarding the flaw heavily favors physical, rather than remote, access.
