Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Not really. Regular exploits that allow attackers to gain SYSTEM level access frequently crop up in Windows (like the recent regpwn exploit). Someone who games on PC is likely into modding as well, and this is a frequent attack vector - so an innocent-looking mod executable could gain admin rights and make use of secure boot exploits like CVE-2023-24932 (assuming the system is using an unpatched BIOS). Even if the BIOS is patched, there's no guarantee that a similar exploit won't crop up in the future. You could update your system regularly to stay on top of things, but zero days exploits are also a thing - like, do you install updates the minute they come out? Probably not. And even if you do, it takes time to download and apply those updates, a window which could be used to execute zero days, by a hidden RAT.

You don't need any major resources to exploit systems these days in this manner, especially with AI in the mix.

 help



Many of these attacks target the bios.

BIOS is usually a SPI chip. It'd make sense to perhaps tie the write enable line so that it cannot be written to, unless jumpered.

It used to be a thing motherboards did. A BIOS flash enable jumper.

They kept the CMOS reset one, but for some reason got rid of the flash write enable.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: