Firmware vulnerabilities in millions of computers could give hackers superuser status

[MuzzMelbourne]

Content source

https://arstechnica.com/security/2023/07/millions-of-servers-inside-data-centers-imperiled-by-flaws-in-ami-bmc-firmware/

Two years ago, ransomware crooks breached hardware-maker Gigabyte and dumped more than 112 gigabytes of data that included information from some of its most important supply-chain partners, including Intel and AMD. Now researchers are warning that the leaked information revealed what could amount to critical zero-day vulnerabilities that could imperil huge swaths of the computing world.

The vulnerabilities reside inside firmware that Duluth, Georgia-based AMI makes for BMCs (baseboard management controllers). These tiny computers soldered into the motherboard of servers allow cloud centers, and sometimes their customers, to streamline the remote management of vast fleets of computers. They enable administrators to remotely reinstall OSes, install and uninstall apps, and control just about every other aspect of the system—even when it's turned off. BMCs provide what’s known in the industry as “lights-out” system management.

Firmware vulnerabilities in millions of computers could give hackers superuser status

BMCs give near-total control over entire fleets of servers. What happens when they're hacked?

arstechnica.com

 

[cartaphilus]

Firmware vulnerabilities in millions of computers could give hackers superuser status

BMCs give near-total control over entire fleets of servers. What happens when they're hacked?

arstechnica.com

Please call it "The Invasion of the Firmware Snatchers" vulnerability since like in the movie... They get you when you are asleep!