sinu
Thread author
A vulnerability in the BIOS of Dell computers allows an attacker to overwrite the contents of the BIOS. Security researchers have found that the write protection of the BIOS in Dell computers isn’t properly enabled, after which it can be overwritten. The issue appears when the computer is resumed from sleep.
The BIOS is a type of firmware that runs first when a computer is powered on and has been succeeded by the Unified Extensible Firmware Interface. Normally the BIOS is write protected to prevent attackers from overwriting it. Only digitally signed software is able to write to the BIOS area, e.g. in the case of a firmware update.
In this case Dell computers haven’t properly implemented the write protection, which allows the BIOS to be overwritten by attackers.
“Therefore, an attacker is free to reflash the BIOS with an arbitrary image simply by forcing the system to go to sleep and wake again. This bypasses the enforcement of signed updates or any other vendor mechanisms for protecting the BIOS from an arbitrary reflash”, according to the CERT Coordination Center from Carnegie Mellon University.
A list of affected models is available from their website. Apple was also previously affected by a similar problem but has already resolved it.