Did one of the AMI UEFI keys leak out?
Information Security Specialist Adam Caudill has posted an interesting entry on his blog .
According to this record, his partner Brandon Wilson came across a Taiwanese FTP server from one of the vendors (according to some sources, Jetway is the vendor). On this FTP server, among various files, were found in open access: internal mail correspondence, system images, photos, personal information, images of printed circuit boards in high resolution, private specifications and so on.
However, the most interesting was ahead. The source code for the various versions of the American Megatrends (AMI) firmware lay in the “code” directory and that's not all. A private UEFI key was also found in an archive called “Ivy Bridge”.
')
If this key was actually used in the vendor's products, then the possibility of using this key and source code to create a UEFI update with malicious code is not excluded. This update can be used against vendor products using this “Ivy Bridge” firmware. If the key was used in many products, then the vendor’s business is much worse.
After the blog was published, the author contacted AMI, which confirmed that the vendor is indeed an AMI client. The key that was found in the Ivy Bridge archive is the test default key. AMI recommends that you do not use the default-key for real products, but it is not known at this time whether the vendor followed this recommendation.
Despite the fact that it is not yet clear how useful the leaked UEFI key is. This leak is still of interest, as judging by the dates in the source code, it was changed relatively recently - in February 2012.
According to this record, his partner Brandon Wilson came across a Taiwanese FTP server from one of the vendors (according to some sources, Jetway is the vendor). On this FTP server, among various files, were found in open access: internal mail correspondence, system images, photos, personal information, images of printed circuit boards in high resolution, private specifications and so on.
However, the most interesting was ahead. The source code for the various versions of the American Megatrends (AMI) firmware lay in the “code” directory and that's not all. A private UEFI key was also found in an archive called “Ivy Bridge”.
')
If this key was actually used in the vendor's products, then the possibility of using this key and source code to create a UEFI update with malicious code is not excluded. This update can be used against vendor products using this “Ivy Bridge” firmware. If the key was used in many products, then the vendor’s business is much worse.
After the blog was published, the author contacted AMI, which confirmed that the vendor is indeed an AMI client. The key that was found in the Ivy Bridge archive is the test default key. AMI recommends that you do not use the default-key for real products, but it is not known at this time whether the vendor followed this recommendation.
Despite the fact that it is not yet clear how useful the leaked UEFI key is. This leak is still of interest, as judging by the dates in the source code, it was changed relatively recently - in February 2012.
Source: https://habr.com/ru/post/175699/
All Articles