This UEFI Malware Kills Computers When You Reboot

  • Published 28 Jan 2025

COMMENTS • 581

  • @John-p6c5g
    @John-p6c5g 12 days ago +1040

    I feel like you missed a chance to say "Always check that your systems are up-to-date before someone else checks for you."

    • @xephael3485
      @xephael3485 11 days ago

      @John-p6c5g sadly many updates cause problems and even if you update every second of the day it won't matter a lot of the time! Many of these vulnerabilities are being discovered and hidden from the user.
      "Responsible Disclosure" is a bad joke. Full disclosure is what should occur when anyone finds a vulnerability if they want to do the responsible/ethical thing. There is nothing ethical about giving a software company time to fix software they screwed up in the first place when a user is vulnerable already! Users have just as much if not more rights to know about vulnerabilities as soon as they're discovered than the software manufacturer. Without that knowledge they cannot mitigate or decide what to do.

    • @commentaccount7880
      @commentaccount7880 11 days ago +32

      corny ahh john doe

    • @Xarros1
      @Xarros1 11 days ago

      😭

    • @Amipotsophspond
      @Amipotsophspond 11 days ago

      blindly updating instantly on auto, is how you end up with poison updates. auto updates are just Trojans from authoritative sources, why do you think authoritative sources put out viruses and intentional vulnerabilities to make panic so you feel that need to update. it's better for everyone if we all update at different times, that way we can recover from sleeper problems, hidden in updates.

    • @ANKUR--xoxo
      @ANKUR--xoxo 11 days ago

      😭😭😭

  • @mu11668B
    @mu11668B 11 days ago +349

    Windows 11: I am the most secure OS ever! TPM 2.0 is now a requirement!
    Also Windows 11: Enforces online login on admin account as it is the default and pulls even more third-party ads onto the unremovable web integration, significantly widening the attack surface.
    Microsoft has always been valuing money much more than security and claiming to be the opposite.

    • @r.g.c.3897
      @r.g.c.3897 11 days ago +23

      Just enter a nonsense email address and after around 6-10 times Windows will inform you there was an error and drop you to a local account creation screen. I see a lot of very complex solutions to get around the online account requirement but my way is simple and works every time.

    • @TheOneAndOnlyOuuo
      @TheOneAndOnlyOuuo 11 days ago

      @r.g.c.3897 Takes a single command during installation to bypass the account requirement. Feature updates require a Microsoft account though.

    • @CosmerenautNaydra
      @CosmerenautNaydra 11 days ago +14

      @r.g.c.3897 I think MS closed that loophole sometime in 2024.

    • @Mojave_Ranger_NCR
      @Mojave_Ranger_NCR 11 days ago

      @r.g.c.3897 Your way is awful. Before beginning setup, you simply press shift+f10, type and enter “oobe/bypassnro”, then proceed with setup and select “I don’t have internet”. That’s it, then you can do the local account properly.

    • @r.g.c.3897
      @r.g.c.3897 11 days ago +7

      @CosmerenautNaydra The last install I did was at the beginning of December for my wife so it must have been at the very end of 2004 if that is the case because it still worked then.

  • @emmioglukant
    @emmioglukant 12 days ago +706

    Blindly trusting Microsoft,
    That can never go wrong

    • @karlgimmedatforfreemarx
      @karlgimmedatforfreemarx 12 days ago +18

      Don’t give a toss if I get my data back.
      It’s like linux users don’t have real jobs, the entire business world is microsoft. It isn’t changing soon when most people can’t figure their email addresses out.

    • @menjolno
      @menjolno 12 days ago

      just like blindly trusting the USA. During the vietnam war, the USA were the good guys because Cheeze Pizza 🧀🍕 was legal in the USA but not in the USSR. Now the USA changed to the bad side

    • @rumplstiltztinkerstein
      @rumplstiltztinkerstein 12 days ago +26

      Talking about Microsoft I just saw a video showing how Microsoft stores wi-fi passwords in plaintext. Ultimate security practices there.

    • @menjolno
      @menjolno 12 days ago +5

      it is just like how blindly trusting usa. During the vietnam war, Cheeze Pizza was legal in the us but not soviet union. I wished us were still the good guys.

    • @Rakanay_Official
      @Rakanay_Official 11 days ago +3

      Trust nobody!

  • @leonidas14775
    @leonidas14775 11 days ago +386

    I'm surprised more motherboard makers don't use a write-protect jumper like in the 90s. Dells I've used have a prompt in the UEFI that requires you to confirm you want permanent changes to the UEFI.

    • @xgui4-studios
      @xgui4-studios 11 days ago +166

      cause by not having a jumper they can update your firmware without your consent ... so it gives Microsoft and OEMs more power

    • @j_stach
      @j_stach 11 days ago +27

      My chromebook has write-protect on the motherboard. You'd think it would be easy to include on more expensive hardware

    • @ashishpatel350
      @ashishpatel350 11 days ago +15

      @xgui4-studios well yes but it makes it easier to update for the average user. the oem wanting to update drivers and firmware is important.

    • @RameshSutar-k3j
      @RameshSutar-k3j 11 days ago +1

      Hello, I'm EA Locum Kane from warhammer 40k, reality shifted and time traveled to setup FREEMÆSON guild, and lulzsec
      When Aurangzeb captured JahanShah he was all like DAYUM FREEMÆSON!!!!!

    • @sigmamale4147
      @sigmamale4147 10 days ago +6

      @ashishpatel350 average users don't update their UEFI bios

  • @Syncopia
    @Syncopia 12 days ago +390

    Safe and secure has to be the best snake oil corpos have ever sold.

    • @Stszelec01
      @Stszelec01 11 days ago +30

      Safe and secure for their capital gains

    • @redbeard1891
      @redbeard1891 11 days ago +12

      I dunno, they made a lot out of 'safe and effective' as well lol.

    • @JPs-q1o
      @JPs-q1o 11 days ago +11

      You misunderstood. They didn't mean secure _for_ you, they meant secure _from_ you [having the freedom to run whatever OS you want].

    • @imgamerful
      @imgamerful 11 days ago +7

      Safe and Effective™

    • @aeureus
      @aeureus 7 days ago +1

      Lather up

  • @MrKornnugget
    @MrKornnugget 12 days ago +375

    It was better when it was just BIOS. Once they connected it to the OS, it was just a matter of time.

    • @xephael3485
      @xephael3485 12 days ago +105

      Yeah the closed source BIOS was bad enough but then Intel and MS monopoly pulled the UEFI crap nobody asked for.

    • @Shonicheck
      @Shonicheck 11 days ago +50

      @xephael3485 yeah, uefi was a mistake. It is overengineered in all the wrong places, and different in all the wrong places. Edk2 (aka reference implementation of uefi) build system is convoluted, unnecessarily fragile and doesn't really provide enough value to justify it (and also has a few wrappers around it from a few vendors, i mean even intel, aka creator of this mess, "reference" images use their own wrapper around said build system, nuff said). Oh and did i mention that they use their own abi? Because they do! It's a steamy hot garbage even on the standard level, you can tell because there is virtually no implementation other than the reference one that covers more than a few separate things that they HAD to implement (like one in uboot, or say gnu-efi one). Haven't heard about anyone involved who said that they were AT LEAST neutral about it - everyone hates it...

    • @fluffsquirrel
      @fluffsquirrel 11 days ago +57

      *shareholders* : Make it look cool and do flashy stuff. That old BIOS looks boring.
      *Microsoft* : Nuff said!

    • @scottladner8249
      @scottladner8249 11 days ago +65

      Yep. When they first announced UEFI, my initial thought was how insecure this would ultimately prove. Took a little longer than I expected, but here we are.

    • @JPs-q1o
      @JPs-q1o 11 days ago +26

      This is why Microsoft should never have been the lead on replacing MBR.
      GRUB2 would have been infinitely better both in security _and_ functionality.

  • @SarafinaSummers
    @SarafinaSummers 8 days ago +15

    Instant sub for no annoying background music, no screaming, no nothing. Just funny, relatable explanations, simple, to the point videos about the topic (cybersecurity), I need. Thank you!

  • @philadams9254
    @philadams9254 12 days ago +264

    2:34 wow, PHP has come a long way. Now it's in UEFI malware!

    • @ramboti6402
      @ramboti6402 11 days ago +10

      always has been

    • @RinceCochon
      @RinceCochon 11 days ago +22

      Malware launches a quiz when the computer boots, it's a cute attack :3

    • @novictim
      @novictim 11 days ago

      @RinceCochon educational malware

    • @modables
      @modables 11 days ago +1

      ":3" 💔💔💔💔💔 @RinceCochon

    • @iamwitchergeraltofrivia9670
      @iamwitchergeraltofrivia9670 11 days ago

      Hahahah buying bios update

  • @cherubin7th
    @cherubin7th 12 days ago +194

    Who secure boots the secure boot?

    • @xephael3485
      @xephael3485 12 days ago +41

      Not you... All of these companies and manufacturers are happy taking your control of things away.

    • @cherubin7th
      @cherubin7th 12 days ago +7

      @xephael3485 True

    • @tablettablete186
      @tablettablete186 11 days ago +18

      Microsoft and Motherboard manufacturer not ironically
      Thus, why MS wants the pluton chip as well

    • @xephael3485
      @xephael3485 11 days ago

      @tablettablete186 the wintel (Windows Intel) alliance is still strong! 😠. If you shop for a server or computer today you'll see Intel as being the leading option with Microsoft crap preloaded on almost everything!
      If you want a well-designed AMD laptop or server you basically still have to fight to get it even though it outperforms Intel! (Dell shows 28 Intel models in its server lineup to 12 AMD ones) I don't believe you can get money back from Microsoft by turning down their preloaded operating system. The Dell Pro 14 laptop doesn't allow you to deselect or keep it from being shipped with Windows 🪟
      And it's companies like Dell and Microsoft who are putting these preloaded secure boot keys into your bios

    • @luigicorciulo8190
      @luigicorciulo8190 11 days ago +1

      As far as I know, the cpu does that, usually in most desktop systems the root of trust comes from a trusted zone inside the cpu itself. On some systems you can use a third party tpm to bootstrap the secure boot.

  • @nickjohnson410
    @nickjohnson410 11 days ago +296

    Temple OS looking better and better everyday.

  • @Ayoub_Awesat
    @Ayoub_Awesat 12 days ago +173

    They need their backdoors

    • @camelotenglishtuition6394
      @camelotenglishtuition6394 12 days ago +7

      ^^this

    • @aliveandwellinisrael2507
      @aliveandwellinisrael2507 11 days ago +31

      Don't worry, I'm sure the glowies have 10 more secure boot vulns to use, probably including a few remote tools for installing ones that aren't there by default

    • @xgui4-studios
      @xgui4-studios 11 days ago

      @aliveandwellinisrael2507 yes that's way more logical

    • @adamk.7177
      @adamk.7177 11 days ago +2

      @aliveandwellinisrael2507 anyone that unironically calls someone a 'glowie' is a cringe little baby boy

    • @khadar47
      @khadar47 11 days ago

      @adamk.7177 anyone that defends a glowie is a baby batter gargler and bootlicking tool

  • @RmFrZQ
    @RmFrZQ 11 days ago +139

    Secure Boot never was about security, it's about Planned Obsolescence.
    The only way to defeat UEFI malware is to sign UEFI firmware with your own CA and refuse anything signed by other CAs.

    • @BigDaddy-yp4mi
      @BigDaddy-yp4mi 11 days ago +9

      THIS

    • @JPs-q1o
      @JPs-q1o 11 days ago +12

      This is why Microsoft should never have been the lead on replacing MBR.
      GRUB2 would have been infinitely better both in security _and_ functionality.

    • @traveller23e
      @traveller23e 11 days ago +5

      Honestly a hardware-level pushbutton that needed to be held down during transfer of the new firmware would be fine. Obviously the system would need to be set up to detect partial firmware transfer so it didn't overwrite anything if you didn't hold the button down long enough, but that's about it.

    • @PersonausdemAll
      @PersonausdemAll 39 minutes ago

      What's a CA?

  • @muhdiversity7409
    @muhdiversity7409 12 days ago +138

    Of course it's Microsoft. Please hand all your stuff to Microsoft so they can make sure it "works" properly.

    • @lavaos
      @lavaos 11 days ago +30

      pretty please let us add telemetry??? its uh, so we can make the software, uh, better! for the user!

    • @JPs-q1o
      @JPs-q1o 11 days ago +4

      This is why Microsoft should never have been the lead on replacing MBR.
      GRUB2 would have been infinitely better both in security _and_ functionality.

  • @Col_Panic
    @Col_Panic 11 days ago +63

    I remember back in like 2003, I was using SoulSeek and fell asleep while DLing stuff. I woke up to a message saying, "you're pawned mate, have fun after you reboot!", so I just unplugged my PC, not sure if they were full of crap or let the "reboot" bit slip when bragging. Nothing happened though

    • @namesurname4666
      @namesurname4666 11 days ago +5

      22 years later i'm still using soulseek and similar software 😅

  • @W33PING-VIK1NG
    @W33PING-VIK1NG 12 days ago +33

    Congrats on 700k by the way, you're doing god's work broski, all the best
    I've learnt more about computers from you than anyone else 🐐youtuber imo

  • @aladdin8623
    @aladdin8623 11 days ago +21

    And this is why we need debloated, minimalistic open source bootloaders.

  • @Schoolship.
    @Schoolship. 11 days ago +77

    I'm so happy the first two words in the video are "secure boot". It's like a big middle finger to billy boy and Microsoft. Well deserved!

    • @njs9401
      @njs9401 11 days ago +2

      wait what it's a microsoft thing? that explains the Linux problems then lol

    • @5555Jacker
      @5555Jacker 11 days ago

      @njs9401 Pretty much. Microsoft's public key for Windows comes preinstalled on any PC that comes with Windows. You could try to enroll your own secure boot keys, but some firmware doesn't allow that and your PC ends up soft-bricked.
      As a "compromise" that gives Microsoft an unfair advantage, there's a second key (private half possessed by Microsoft) enrolled for non-Windows bootloaders like Shim and PreLoader. Microsoft signs them with that key, and you can get the benefits of secure boot for Linux. Problem is, for secure boot, UEFI has a forbidden signatures database that Microsoft likes to update from time to time. A vulnerability found in Shim? That version of Shim gets blacklisted thanks to a Windows update. This is particularly a pain when dual-booting with Linux, though not hard to solve.

  • @mrtransistor6173
    @mrtransistor6173 11 days ago +39

    I remember trying to install linux on tablet PCs using the newer intel atom CPUs (cherrytrail & baytrail). UEFI made this process a nightmare. Computing generally sucks more than it ever has.

    • @djnikx1
      @djnikx1 11 days ago +1

      Was it an Asus ROG Flow Z13?

    • @mrtransistor6173
      @mrtransistor6173 11 days ago

      @djnikx1 Linx and Toshiba Encore tablets.

    • @DigitalHandle
      @DigitalHandle 3 days ago

      I mean..
      At least it wasn't like back in the 80's, or even the 70's..

    • @mrtransistor6173
      @mrtransistor6173 3 days ago

      @ Not exactly sure what you mean by this.

  • @markjakker
    @markjakker 11 days ago +60

    So basically, UEFI has a critical and permanent backdoor in the "protocol" that we replaced BIOS with. Fantastic. I don't think anyone saw this coming /s

    • @JohnDoe-ip3oq
      @JohnDoe-ip3oq 11 days ago +12

      Matter of time when the whole thing is an unencrypted fat32 partition, and NOBODY felt it was necessary to question it.

    • @kenshn22828
      @kenshn22828 10 days ago +5

      From my understanding this is fixed by releasing a new certificate for a version of reloader.efi with the secure load image function and updating the db and dbx files. The end of the video makes it seem like this has already been done.

    • @markjakker
      @markjakker 10 days ago

      @kenshn22828 no. this exploit method BYPASSES uefi auth and crypto checks by not running those two or one of those essential functions, according to the video. aka, there is no fix due to the bypass capability via said backdoor

    • @arthurmoore9488
      @arthurmoore9488 9 days ago

      Tell me you don't understand UEFI without saying it...
      Bootloader attacks existed before UEFI. This is bypassing a UEFI security check. One that doesn't even exist on BIOS!

    • @lambchomp1472
      @lambchomp1472 8 days ago +2

      No, it's an expired certificate, hardly a "backdoor" in the protocol. Update DBX and you'll be okay. The link about the exploit also said it required write access to the EFI partition and so on...

  • @camberwellcarrot420
    @camberwellcarrot420 1 day ago +3

    I liken UEFI and secure boot to modern cars, whose needless complexity and factory spyware make older vehicles more desirable for people who just want to drive hassle free.

  • @hydra3468
    @hydra3468 12 days ago +116

    My man, how come you're not uploading on Odysee anymore?

    • @sebastianx708pl
      @sebastianx708pl 12 days ago +91

      probably sync from yt to odysee doesn't work anymore and must be uploaded manually, quote from odysee post:
      "YouTube has recently implemented additional anti-competitive measures that limit our ability to automatically sync videos from YouTube to Odysee for creators who have opted into this service."

    • @hydra3468
      @hydra3468 12 days ago

      @sebastianx708pl Ah I see, thanks for the info!

    • @waynekc01
      @waynekc01 11 days ago

      That's so fckn gai

    • @nahidahmed9153
      @nahidahmed9153 11 days ago +18

      @sebastianx708pl so why can't he manually upload? is that too difficult? he blames a lot of big corpo but he himself is so lazy to do anything

    • @tech-bore8839
      @tech-bore8839 11 days ago

      @nahidahmed9153 Yes, he can upload manually. No, it's not difficult. In fact, it's super simple.
      I've already commented on how many big creators (Brody Robertson, Distrotube, Techlore, etc.) have become lazy when it comes to Odysee itself. Sad to see Mental Outlaw has fallen into the same crowd, but at least it shows where his priorities are (i.e. YouTube Money > alternate platforms).
      Many creators whined about Odysee not being as competitive as YouTube, and hardly (if ever) advertised it to their viewers. Yet those same creators certainly had no issues about mirroring their own videos on Odysee because of the syncing feature.

  • @Emancipatriot
    @Emancipatriot 11 days ago +17

    Man this is some pretty brilliant malware. These guys have so much potential they could go legit and be wealthy

  • @reyalPRON
    @reyalPRON 7 days ago +3

    You get a thumbs up for the Pentium-MMX rig. ;) wish i kept some of mine

  • @rekire___
    @rekire___ 12 days ago +50

    Bios bros why we are just keep winning?

  • @ENNEN420
    @ENNEN420 11 days ago +32

    "But bro, why would you use BIOS legacy over UEFI in 2025? It's so old!"

    • @JPs-q1o
      @JPs-q1o 11 days ago +3

      GRUB2 for PC IPL 😁

    • @JohnDoe-ip3oq
      @JohnDoe-ip3oq 11 days ago +2

      If BIOS supported Rebar and modern Windows, I'd go back to using it.

    • @sayori3939
      @sayori3939 10 days ago +5

      it's not bios that don't support windows, it's the other way around

  • @combatjeyj6234
    @combatjeyj6234 12 days ago +19

    Haven't watched but the title goes hard

  • @xgui4-studios
    @xgui4-studios 11 days ago +6

    this is really scary not gonna lie, especially when you are on a laptop that the oem still hasn't updated your laptop firmware for, patching the vulnerability .... and this is even worse when no alternative uefi/firmware is available

  • @crackthefoundation_
    @crackthefoundation_ 11 days ago +13

    I have always hated UEFI because years ago it would screw up my dual boot.

    • @project_speedy_addiction
      @project_speedy_addiction 11 days ago +3

      You can try using coreboot with compatible hardware if that problem arises again, grub2 payload is nice with that.

    • @crackthefoundation_
      @crackthefoundation_ 11 days ago

      @MikePainstill Cheers, thanks!

    • @project_speedy_addiction
      @project_speedy_addiction 11 days ago +2

      @crackthefoundation_
      Please make sure that Coreboot is actually compatible with the system, if it isn’t and you replace UEFI with it then you are screwed.

  • @PrideSage99
    @PrideSage99 11 days ago +18

    Oh wow, but I thought Windows 11 with its arbitrary TPM and secure boot requirements was supposed to protect me from teh compooter wiruses.
    Doesn't Microsoft care about me? (sarcasm)

  • @SeattleSpursFan1882
    @SeattleSpursFan1882 9 days ago +7

    @1:07 lol @ "Normally, the way a system boots" while showing a system booting into Win95 which most definitely didn't use UEFI to do so.

  • @Ash_G
    @Ash_G 7 days ago +3

    Remember the simpler days of BIOS, dual-boot and non-Bitlocker SSD?
    Wait till you find out that WD My Book encrypts its drives even if you don't set an encryption. Now, why would a manufacturer do that?

  • @xypha85
    @xypha85 11 days ago +4

    my experience with secure boot, it's not to protect users, it's to let windows control users under the guise of protection. secure boot has done more to restrict how i want to use my pc than it has ever done anything to protect

  • @robkam643400
    @robkam643400 11 days ago +7

    This seemed totally obvious to me when 'Secure Boot' was announced.

  • @willkendallpro
    @willkendallpro 11 days ago +10

    I would just like to point out that it has never been acceptable (in professional IT) to make a certificate valid for longer than a year. This is why. Thanks, Microsoft!

    • @sirseven3
      @sirseven3 10 days ago +1

      Now if only they can update their compatibility drivers....

  • @13thravenpurple94
    @13thravenpurple94 11 days ago

    What an awesome video! Thanks for putting this together! 👍

  • @JouvaMoufette
    @JouvaMoufette 6 days ago +1

    This sounds so similar to how CrowdStrike broke. Signed software that can load unsigned software or data that in turn is broke.

  • @tenminutetokyo2643
    @tenminutetokyo2643 10 days ago +2

    Oh outsourcing has been so good for us.

  • @JohnDoe-ip3oq
    @JohnDoe-ip3oq 11 days ago +25

    UEFI installs itself on an unencrypted fat32 partition. Such wonderful security, and nobody questioned it. Now they're going to change it and make everyone buy new hardware to get access to the fix.

    • @khalilbrsc
      @khalilbrsc 7 days ago +4

      No, every statement in your comment is false. UEFI lives in the firmware (EFI binaries live in the FAT32 partition). No one is changing FAT32 to be encrypted any time soon, and even if they did you can't execute code you can't read (in its decrypted form). You can encrypt the partition, sure (if you also write your own UEFI firmware to decrypt and read that), but this doesn't change the fact that what is actually being "defeated" here is the vulnerable EFI binaries presented. Those binaries have a valid and trusted signature and thus have permission to execute. The signatures for those vulnerable EFI apps should be blacklisted (included in dbx), and then the problem is solved.
      Using your own keys is also an option on some machines, that way you don't have to trust (sign) anything but the files you want to run (ie, your kernel, initramfs, etc).

    • @JohnDoe-ip3oq
      @JohnDoe-ip3oq 7 days ago

      @khalilbrsc lol "everything is false", proceeds to admit the fat32 partition exists, and explain how it works. Fat32 has ZERO security permissions unlike NTFS, that's full unrestricted write access. Fat32 also has ZERO data integrity, make a USB drive with fat32, unplug it while in use, whole thing is corrupted. Why do we even need EFI? It shouldn't exist. I get there's security behind it, but the implementation is flawed. Not only that, but this is behaving like a state sponsored backdoor, as governments would have full unfettered "official" backdoor access with this technology, and all backdoors have the potential to be leaked or reverse engineered. Linux has access to secure boot. There's nothing stopping a hacker from installing a Linux rootkit, and some virtual machine technology to boot into Windows. I just don't think it should exist at all, REGARDLESS of security, because the tech itself is too vulnerable to exploit. There should be zero possibility of remote code execution, NOT limited possibility. Anything exploitable will be exploited. There's also the issue that this technology itself is a rootkit from official vendors. It's running vendor code from China under ring 0 with Internet access. Asus has been reported to force users into installing Armory crate via their UEFI. Oh, but this is ok, because it's "official". What? IDC what vendor it is, not even Intel or AMD should have this capability. Zero rootkit or exploits should be in a BIOS. No remote code or OS under the OS. Similar issue with flash drives, as they have their own operating system and CPU running the flash chips. Just install a backdoor into the SSD firmware, can't detect it. Yet another exploit deliberately not called out, and this exploit has been used by state actors for a while. Intercept hardware delivery, replace with exploited hardware. Obviously not widespread, but there's nothing stopping it from being widespread either. Stuxnet went rogue and got discovered by Kaspersky. Whoops. The possibility shouldn't exist. China doesn't need nukes to win a war, they make all PC hardware, just remote disable everyone's computer systems, infiltrate a bank to steal a fractional penny from every transaction. Whatever. The backdoor should not exist.
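The db/dbx mechanism that @5555Jacker and @khalilbrsc describe in the threads above, and the "what do I do if the PowerShell check returns False" questions further down, both come back to the contents of two UEFI variables: db (signers and hashes allowed to boot) and dbx (revoked signers and hashes). The script below is an added example, not code from the video, its creator, or any commenter. It uses only the built-in SecureBoot module cmdlets (`Get-SecureBootUEFI`, `Confirm-SecureBootUEFI`) and decodes the EFI_SIGNATURE_LIST structures those variables hold, so you can see which CAs your firmware trusts and verify for yourself whether a given revocation is present. The function names and the `$advisoryHash` placeholder are mine; the hash itself must come from the relevant vendor advisory.

```powershell
# Added example: decode UEFI Secure Boot db/dbx and check for a revoked hash.
# Requires an elevated PowerShell on a UEFI system with the SecureBoot module
# (present on Windows 8 and later). Nothing here modifies firmware state.

$EFI_CERT_SHA256_GUID = [guid]'c1c41626-504c-4092-aca9-41f936934328'  # SHA-256 hash entries
$EFI_CERT_X509_GUID   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'  # DER-encoded X.509 certs

function Read-EfiSignatureLists {
    # Walks a buffer of consecutive EFI_SIGNATURE_LIST records:
    #   SignatureType GUID (16) | SignatureListSize (4) | SignatureHeaderSize (4) | SignatureSize (4)
    # followed by SignatureHeaderSize header bytes and N signatures of SignatureSize
    # bytes each, every signature starting with a 16-byte SignatureOwner GUID.
    param([Parameter(Mandatory)][byte[]]$Bytes)

    $pos = 0
    while ($pos + 28 -le $Bytes.Length) {
        $type     = [guid]::new([byte[]]$Bytes[$pos..($pos + 15)])
        $listSize = [BitConverter]::ToUInt32($Bytes, $pos + 16)
        $hdrSize  = [BitConverter]::ToUInt32($Bytes, $pos + 20)
        $sigSize  = [BitConverter]::ToUInt32($Bytes, $pos + 24)
        if ($listSize -lt 28 -or $sigSize -lt 16 -or ($pos + $listSize) -gt $Bytes.Length) {
            throw "Malformed EFI_SIGNATURE_LIST at offset $pos"
        }
        $sigStart = $pos + 28 + $hdrSize
        $listEnd  = $pos + $listSize
        for ($p = $sigStart; ($p + $sigSize) -le $listEnd; $p += $sigSize) {
            $owner = [guid]::new([byte[]]$Bytes[$p..($p + 15)])
            $data  = [byte[]]$Bytes[($p + 16)..($p + $sigSize - 1)]
            if ($type -eq $EFI_CERT_SHA256_GUID) {
                $kind  = 'sha256'
                $value = ([BitConverter]::ToString($data) -replace '-').ToLowerInvariant()
            } elseif ($type -eq $EFI_CERT_X509_GUID) {
                $kind  = 'x509'
                $value = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($data).Subject
            } else {
                $kind  = 'other'
                $value = "type $type, $($data.Length) bytes"
            }
            [pscustomobject]@{ Kind = $kind; Owner = $owner; Value = $value }
        }
        $pos += $listSize
    }
}

function Get-SecureBootDatabase {
    # Decoded entries of db (allowed) or dbx (revoked). Get-SecureBootUEFI is the
    # built-in cmdlet; its .Bytes property is the raw variable content.
    param([Parameter(Mandatory)][ValidateSet('db', 'dbx')][string]$Name)
    Read-EfiSignatureLists -Bytes (Get-SecureBootUEFI -Name $Name).Bytes
}

function Test-RevokedHash {
    # True when the given SHA-256 is listed in dbx. Note that dbx stores the
    # Authenticode (PE image) hash, not a plain file hash; use the value the
    # advisory publishes for dbx.
    param([Parameter(Mandatory)][string]$Sha256Hex)
    $needle = $Sha256Hex.ToLowerInvariant()
    [bool](Get-SecureBootDatabase -Name dbx | Where-Object { $_.Kind -eq 'sha256' -and $_.Value -eq $needle })
}

# --- usage ---
try {
    if (-not (Confirm-SecureBootUEFI)) {
        Write-Warning 'Secure Boot is disabled: db/dbx are not enforced on this machine.'
    }
} catch {
    Write-Warning "Secure Boot state unavailable (legacy BIOS or no UEFI access): $_"
}

# Which CAs may sign what boots, and how large the revocation list is.
Get-SecureBootDatabase -Name db | Where-Object Kind -eq 'x509' | Format-Table Kind, Value
$dbx = Get-SecureBootDatabase -Name dbx
"dbx holds $(@($dbx | Where-Object Kind -eq 'sha256').Count) revoked hashes and $(@($dbx | Where-Object Kind -eq 'x509').Count) revoked certificates"

# Placeholder, not a real value: paste the dbx hash of the revoked binary from
# the vendor advisory for the CVE you are checking.
$advisoryHash = '<sha256 of the revoked EFI binary from the advisory>'
if ($advisoryHash -notmatch '^[0-9a-fA-F]{64}$') {
    Write-Warning 'Replace $advisoryHash with the 64-hex-digit SHA-256 from the advisory first.'
} elseif (Test-RevokedHash -Sha256Hex $advisoryHash) {
    'That binary is revoked in dbx on this machine.'
} else {
    'That binary is NOT in dbx; the revocation has not been applied here.'
}
```

Two practical points follow from the output. If the db listing shows only an OEM certificate and the Microsoft UEFI CA, a Linux bootloader that is not signed through shim will be refused, which is the dual-boot situation @5555Jacker describes. And because Get-SecureBootUEFI reads the live firmware variables rather than a Windows registry flag, a hash that is still absent from dbx after an update means the firmware has not yet taken the revocation, whatever the update history says.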

  • @stage6fan475
    @stage6fan475 11 days ago +4

    Algorithm. Thanks for informing us about these increasingly worrying issues. UEFI malware is particularly scary!

  • @mrchillgreen
    @mrchillgreen 10 days ago +7

    @Mental Outlaw
    kinda miss the section in where you tell us how to UPDATE against this vulnerability, is it a simple bios update?

    • @Ordlnary_Gamer
      @Ordlnary_Gamer 4 days ago

      We really can’t.

    • @Jzwiz
      @Jzwiz 23 hours ago

      Normal windows update

  • @sn5806
    @sn5806 11 days ago +7

    Honey wake up! New UEFI vuln just dropped.

  • @nobody_fear
    @nobody_fear 12 days ago +30

    anyone else watch at 4x speed? good video. i need another coffee.

  • @taragwendolyn
    @taragwendolyn 11 days ago +6

    I knew there was a reason I didn't install the Microsoft keys when I set up secureboot on my laptop... ;)

  • @likemy
    @likemy 11 days ago +5

    Insecure Object Reference. One of the OWASP's top 10. That's a big mistake in a crucial place.

  • @ozoak
    @ozoak 7 days ago +1

    UEFI was always a problem waiting to happen, and modification should always have been something restricted by a hardware switch. Defaulted to an 'off' position, home users would never flip it, and managed services providers could control the environment and deploy hardware with it on.

  • @VenomKen
    @VenomKen 12 days ago +29

    How about we just all come to the understanding that if it has been secured by human intelligence it can be broken by human intelligence. There's a reason for this...human incompetence is way more powerful than human intelligence.

    • @vidal9747
      @vidal9747 12 days ago +2

      It is still worth it to keep hardening systems. The less script kiddie friendly the better.

    • @blazebox71
      @blazebox71 11 days ago +6

      The real issue is that there are more people looking for vulnerabilities than there are people actively trying to secure them. There are untold millions of threat actors all looking for the next exploit. Any software manufacturer is always going to be behind the 8 ball

    • @ohwhen7775
      @ohwhen7775 11 days ago

      And people might be surprised to find out who some of the actors performing such threats behind closed doors actually are. If I told you all, some of the random individuals I know are involved, I wonder how many of you would actually believe me. 🙊

    • @JPs-q1o
      @JPs-q1o 11 days ago

      Microsoft is a DEl shop. The systems were "secured" by subhuman intelligence.

  • @project_speedy_addiction
    @project_speedy_addiction 11 days ago +5

    Coreboot never stops being better!

  • @kevalan1042
    @kevalan1042 11 days ago +4

    What's the point of having signature lists if the payload is unsigned and arbitrary?

  • @xYamakaze
    @xYamakaze 11 days ago +3

    Hey, the command provided in the article returned a False for me. How do I manually go about applying the latest UEFI revocations? The article says "Windows systems should be updated automatically." but when checking for Windows updates, there are none to be applied. I'm on Windows 10, and I even updated my system yesterday with KB5049981 and KB5050188. What gives?

  • @CashFlowCraze
    @CashFlowCraze 11 days ago +11

    me using legacy bios🗿

  • @theFlyingSwami
    @theFlyingSwami 11 days ago

    Those term commands at the end; Thank you!

  • @nonenothingnull
    @nonenothingnull 6 days ago

    It almost feels like having shoddy bios is consequential

  • @RosieSapphireMusic
    @RosieSapphireMusic 11 days ago +1

    So, what do I do if the PowerShell command returns False?

    • @sirseven3
      @sirseven3 10 days ago

      reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x80 /f
      Restart-Computer

  • @Shocker99
    @Shocker99 10 days ago +2

    My 'system is affected by the CVE-2024-7344' and I'm 'protected (the vulnerable driver is revoked on your system)'.
    So I guess I have no worries here

  • @YetAnotherNotHacking
    @YetAnotherNotHacking 11 days ago +6

    Bro covers this malware and then ends it with "Run this in your powershell to check if you are vulnerable" I wonder what that looks like to someone that does not understand the command XD

  • @yoppindia
    @yoppindia 9 days ago +1

    when NSA writes the UEFI worm, you won't know that it even exists.

    • @RolandAdams-h4m
      @RolandAdams-h4m 9 days ago

      make it past tense 🙂

    • @yoppindia
      @yoppindia 9 days ago +1

      @RolandAdams-h4m trump is not going to abolish nsa, he will just rename it.

    • @RolandAdams-h4m
      @RolandAdams-h4m 9 days ago

      @ Past tense in a sense that they already did it.

    • @yoppindia
      @yoppindia 9 days ago

      @RolandAdams-h4m hmm, I wonder if I am infected

    • @RolandAdams-h4m
      @RolandAdams-h4m 8 days ago +1

      @ we may never know 🙂

  • @Shocker99
    @Shocker99 10 days ago +2

    What should someone do if they have the vulnerability and it's not patched?

  • @XxZigonxX
    @XxZigonxX 11 days ago +5

    mr hacker man, how do i copy and paste that from your video @8:00

    • @rejvaik00
      @rejvaik00 10 days ago

      Just type it out from the video I did and it worked remember to open up PowerShell in administrator
      sadly though it returned false so I don't know what to do now

  • @ikity99
    @ikity99 12 days ago

    On guard of software security as always. Thanks for news

  • @JohnCiaccio
    @JohnCiaccio 7 days ago +1

    Another example of unnecessary security "advancements" that do more harm than good. We have a bunch of new ewaste because of things supposedly built for security being utter unfixable garbage. HP and Dell make some of the worst systems in the last 5 years..

  • @RockyAllenLane
    @RockyAllenLane 7 days ago +1

    Please put string to check if infected above so people can copy it!!!

  • @sergrojGrayFace
    @sergrojGrayFace 10 days ago +1

    On Windows with default settings root access is very easy, as UACME demonstrates.

  • @c5on
    @c5on 8 days ago

    So nice last Linux UEFI dbx update was 2023.06. Thanks Linux Foundation.

  • @aliveandwellinisrael2507
    @aliveandwellinisrael2507 11 days ago +6

    So you need root? Wow, they'll have to bring a whole extra USB drive with them and run their favorite Linux live installer

  • @ruperterskin2117
    @ruperterskin2117 4 days ago

    Appreciate ya. Thanks for sharing.

  • @逈
    @逈 12 days ago

    Love how you upload frequently

  • @tihsitef8183
    @tihsitef8183 11 days ago +1

    I had a dream I woke up one day and every computer on the planet was infected with BIOS/UEFI malware making them inoperable, simply showing an 8-bit horse galloping across the screen.
    I live in fear of that day, not because it might, but because it will.

  • @stackflow343
    @stackflow343 9 days ago +1

    Tried the powershell code, just undefined variable errors.

  • @solvated_photon
    @solvated_photon 10 days ago

    I have two laptops that were compromised maybe 5-6 years ago that simultaneously lost the ability to boot off of USB or optical.

  • @BobWidlefish
    @BobWidlefish 10 days ago +1

    Sounds like a Vault7 backdoor.

  • @xXBlackAngelDoomXx
    @xXBlackAngelDoomXx 8 days ago

    This is, from a certain point of view, similar to the CrowdStrike Falcon security software issue. I remember in that case they bypassed Microsoft review/signing with a custom .dat file actually containing an executable, in order to be able to release before new versions of the software

  • @adsan7787
    @adsan7787 11 days ago +2

    I love that I forgot to enroll Microsoft keys when setting up my Secure Boot

  • @stunnerr
    @stunnerr 7 days ago

    when the so-called "secure" boot relies on someone that's not you, it's not secure anymore

  • @ocsrc
    @ocsrc 8 days ago

    Trying to wipe the BIOS UEFI and allow an OS to be installed and actually boot is a freaking nightmare
    I went through hell with one laptop and I couldn't find out why it would not boot
    It just sat there with a blinking cursor
    I finally was able to flash the BIOS and put a generic BIOS on the machine and it went fine after that but it took days to get it to work

  • @prabhatkumar5613
    @prabhatkumar5613 11 days ago +2

    I have Windows; if the last command's output is False am I cooked?? or is there a solution??

  • @GuretoSefirosu
    @GuretoSefirosu 8 days ago +2

    What if you're running Linux? How about Linux with a signed kernel (ie: no MS crap on the system)?

  • @茂佐藤-s6e
    @茂佐藤-s6e 11 days ago

    Since the MNT Next Reform (an ARM-based open hardware laptop) is on its way to release next year, I'm not really worried about this.

  • @dieselphiend
    @dieselphiend 11 days ago +2

    Last time I got hit by a virus a bit like this was in 1999, with the "Chernobyl" virus.

  • @Verrisin
    @Verrisin 4 days ago

    secure boot was always ridiculous, and clear step towards trying to make sure you do not own your PC.

  • @ocsrc
    @ocsrc 8 days ago

    WOW there are a lot of full 30 second ads before the video plays

  • @pauloseixas5452
    @pauloseixas5452 11 days ago +9

    whenever I get an issue I just scream MICROSOFT and download the latest updates; if there are none I sleep in hopes that when I wake up everything will be fine and dandy

  • @davidfrischknecht8261
    @davidfrischknecht8261 11 days ago +17

    The first thing I did with my laptop when I got it was boot into the UEFI firmware settings and disable Secure Boot.

    • @xgui4-studios
      @xgui4-studios 11 days ago +16

      that doesn't fix the issue, it only opens more doors ....

    • @davidfrischknecht8261
      @davidfrischknecht8261 11 days ago +19

      @xgui4-studios It makes installing Linux easier.

    • @seansingh4421
      @seansingh4421 11 days ago +5

      @davidfrischknecht8261 The majority of distros are already Secure Boot compatible. Your argument only holds true if one plans to install Nvidia's Linux drivers

    • @KwadwoAdjeiDuah
      @KwadwoAdjeiDuah 11 days ago +1

      Yeah sucks to be me

    • @dsvechnikov
      @dsvechnikov 11 days ago +4

      So... How exactly does this help you to avoid malware capable of bypassing secure boot?

  • @qurqo
    @qurqo 9 days ago +1

    So is it better to run a legacy mode boot manager without UEFI?

  • @rockarollawmn
    @rockarollawmn 9 days ago +2

    I wish the compugeniuses would do a version of these big brain vids for us 5 year olds.
    Lay out NONE of the parts that are not just explaining the issue and the solution, please, to us like we're 5, because we deserve security on our computers as much as the compusavvy.

  • @ashishpatel350
    @ashishpatel350 11 days ago +1

    wonder what they will come up with next.

  • @im1random263
    @im1random263 10 days ago

    That's why I dumped the contents of my motherboard's SPI flash right after buying it with a cheap CH341A-based programmer. This not only gives you the ability to reprogram the chip after a failed BIOS update, but apparently can also protect you against BIOS-level malware.

  • @CrescentUmbreon
    @CrescentUmbreon 9 days ago

    So, again, for the uninitiated, how do you go and get the updated dbx signatures if they return false?

  • @adriansuhr
    @adriansuhr 9 days ago +1

    Computer security: Trust me bro

  • @niewazneniewazne1890
    @niewazneniewazne1890 11 days ago +1

    To add insult to injury,
    I find that Microsoft/Windows 11 doesn't update the DBX and you have to do it through fwupd on Linux.
    My Lenovo ThinkPuter T14 BIOS displays 423 banned signatures.

  • @Riva1000
    @Riva1000 9 days ago +1

    Since when was a system reset a way to solve a malware infection?
    AFAIK the vast majority of malware since forever persists between system (OS) restarts.
    I have heard several times in this video that this is why this malware is more dangerous. It makes no sense.
    Didn't the author mean that the infection persists across OS *reinstalls*?
    That would make more sense to me.

  • @dashyot
    @dashyot 12 days ago +7

    conputers

  • @schmudej85
    @schmudej85 11 days ago +1

    Remind me again what was wrong with BIOS which had to be flashed and why we needed an "updated" firmware with the ability to be modded in place?

    • @mattsgamingstuff5867
      @mattsgamingstuff5867 11 days ago +6

      This exploit would be even easier in legacy BIOS. If you have root you can write the first 512 bytes of the drive (that's all it does: load the first thing in the boot priority list where the first 512 bytes end in the correct two-byte bootable signature and hand over execution). Boom, boot loader replaced. This isn't a UEFI problem, it's a people-signing-bad-code problem. You can change your Secure Boot keys if you wish to whitelist only the software you want to boot your computer. A traditional BIOS would have no way to prohibit root software from running an undesired bootloader.
      This type of malware was pretty common in the DOS and Win9x days.
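The legacy boot sector mechanism described in the reply above, as an added example that is not part of the original thread: the code checks the two-byte boot signature, parses the partition table, and compares a SHA-256 of the boot code against a baseline taken when the machine was known-good, so a replaced MBR bootloader can be detected. The 512-byte sectors below are constructed samples, not real disk dumps.

```python
"""Inspect a legacy-BIOS boot sector (MBR): the firmware loads the first
512 bytes of the boot device and only hands over execution if the last
two bytes are 0x55 0xAA.  Defensive use: hash the boot code region and
compare with a baseline so an overwritten bootloader is noticed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG_OFF = 510       # bytes 510..511 must be 55 AA


def is_bootable(sector: bytes) -> bool:
    """True if the sector carries the two-byte boot signature."""
    return len(sector) == SECTOR_SIZE and sector[BOOT_SIG_OFF:] == b"\x55\xaa"


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 over the boot code only (partition table changes are normal)."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def partitions(sector: bytes) -> list:
    """Decode the four MBR partition entries; skip empty ones (type 0)."""
    out = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped),
        # start LBA, sector count
        status, ptype, lba, size = struct.unpack("<B3xB3xII", entry)
        if ptype:
            out.append({"active": status == 0x80, "type": ptype,
                        "lba": lba, "sectors": size})
    return out


def check_boot_sector(sector: bytes, baseline_hash: str) -> dict:
    """Summarise what a firmware would see plus whether the code changed."""
    return {"bootable": is_bootable(sector),
            "boot_code_unchanged": boot_code_hash(sector) == baseline_hash,
            "partitions": partitions(sector)}


def make_sample(boot_code: bytes) -> bytes:
    """Constructed sector: given boot code, one active NTFS partition, signature."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48
    return body + b"\x55\xaa"


GOOD = make_sample(b"\xfa\x33\xc0\x8e\xd0")   # placeholder known-good boot code
BASELINE = boot_code_hash(GOOD)                # recorded while the machine was clean
TAMPERED = make_sample(b"\xeb\xfe")            # boot code overwritten later
```

On a real machine the 512 bytes would come from sector 0 of the boot disk (read access requires root, as the reply notes), and the baseline hash would be stored off-host.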

  • @BartholomewBadrotten
    @BartholomewBadrotten 12 days ago +5

    When do we get that PinePhone review you promised back when?

    • @damianchang6439
      @damianchang6439 12 days ago +3

      From Mental Outlaw 3 years back ua-cam.com/video/WA0rxLniBbc/v-deo.htmlsi=baZFK1vOMAUjgEUy

  • @terriblegamer6975
    @terriblegamer6975 8 days ago +1

    Does that command return False if Secure Boot isn't on?

  • @osmosis_8692
    @osmosis_8692 8 days ago +1

    So why do we have secure boot, again?

  • @muaries12
    @muaries12 11 days ago +1

    Secure Boot is such a pain in the neck and doesn't offer much security. I always have it off on my devices. I find it best to have an up-to-date OS, good paid AV (I use ESET Premium) and common sense

  • @JPs-q1o
    @JPs-q1o 11 days ago +1

    There's better ways to ensure file copy has completed before continuing script execution.
    Jus' sayin'

  • @trjberg
    @trjberg 6 days ago

    I wonder if it's possible to update the firmware without starting the computer so to speak. Like access the firmware chip directly?

  • @niijipilot
    @niijipilot 9 days ago

    Oh this is old school hacker stuff

  • @S0ci0stan
    @S0ci0stan 11 days ago +12

    Windows is just going to get worse and worse until I have to switch to Linux, isn't it?

    • @Sam-m1y6d
      @Sam-m1y6d 10 days ago

      Yup

    • @sayori3939
      @sayori3939 10 days ago +4

      and the Linux community is just gonna get more and more toxic until you're forced to believe in some shit and you end up using a MacBook (I hate Apple)