←back to thread

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

(securityonline.info)
658 points transpute | 2 comments | 06 May 23 17:39 UTC | HN request time: 0s | source
Show context
josephcsible ◴[06 May 23 19:00 UTC] No.35844339[source]
This isn't a blow to real security, just to DRM and treacherous computing. There's no legitimate security from "Secure" Boot.
replies(2): >>35844366 #>>35845021 #
bawolff ◴[06 May 23 19:03 UTC] No.35844366[source]
Evil maids?
replies(6): >>35844387 #>>35844545 #>>35844816 #>>35845120 #>>35845414 #>>35849808 #
Filligree ◴[06 May 23 19:05 UTC] No.35844387[source]
How many of us have maids? How many of those maids are evil?
replies(3): >>35844414 #>>35848100 #>>35865747 #
ghostpepper ◴[06 May 23 19:07 UTC] No.35844414{3}[source]
"Evil maid" is a generic descriptor for any number of attacks that can be performed with physical access to a device.

https://en.wikipedia.org/wiki/Evil_maid_attack

"The name refers to the scenario where a maid could subvert a device left unattended in a hotel room – but the concept itself also applies to situations such as a device being intercepted while in transit, or taken away temporarily by airport or law enforcement personnel. "

replies(3): >>35844820 #>>35845994 #>>35848125 #
guilhas ◴[06 May 23 19:54 UTC] No.35844820{4}[source]
Still, how real of a threat that is for 99% of computer users?

And law enforcement will have a device to bypass most devices security

replies(3): >>35844989 #>>35845472 #>>35848215 #
1. Avamander ◴[06 May 23 20:14 UTC] No.35844989{5}[source]
> And law enforcement will have a device to bypass most devices security

What makes you say that and how is that an excuse to do nothing?

replies(1): >>35850406 #
2. guilhas ◴[07 May 23 11:50 UTC] No.35850406[source]
To prevent against a evil maid attack you would need to encrypt your drive

In case of a malfunction, you risk loosing all your data

Threat actors and law enforcement can bypass it

UEFI threats moving to the ESP: Introducing ESPecter bootkit https://www.welivesecurity.com/2021/10/05/uefi-threats-movin...