Firmware Exploitation

So, I understand how general exploitation works. For instance, a stack overflow. However, I don’t understand how it’s possible to directly write to firmware within a device.

For those in the cyber security field, we know how easy it is to launch someone’s webcam on their mobile device or laptop remotely using Metasploit; however, this can be taken a step further. It’s known that webcams generally turn on a light when the webcam is enabled. It’s also known that there are exploits that “rewrite” firmware to disable this feature. How is this possible, especially without physical access? Can it be done with a script?

4 Answers

Anonymous

Firmware used to be dumb. It was just a bunch of settings, basic glue to hold together the system for the OS to use. But with UEFI, firmware has become smart, basically small operating systems on their own, and with their own security flaws. If it’s an OS, it can be exploited. For example, with UEFI, I can go over the network to a computer that is off (power applied but not booted) and issue commands to the UEFI.
