Below the Surface (Audio) - The Supply Chain Security Podcast UEFI Vulnerabilities and Hardware Risks - BTS #58
13 snips
Sep 4, 2025 Chase Snyder, a security practitioner focused on network and firmware security, and Vlad Babkin, a firmware expert specializing in UEFI and hardware vulnerabilities, delve into crucial cybersecurity issues. They discuss the dangers of UEFI settings that can lead to hardware risks and the evolution of sophisticated Mirai variants targeting IoT devices. The conversation highlights the implications of emerging regulations like the EU Cyber Resilience Act, while stressing the need for better security measures against evolving malware and hardware threats.
AI Snips
Chapters
Transcript
Episode notes
UEFI Can Cause Physical Hardware Damage
- UEFI settings can push hardware outside vendor specs and physically damage components.
- Attackers with UEFI control could intentionally overvolt parts to cause destruction or denial of service.
UEFI Persistence Beats OS Defenses
- Living in UEFI bypasses OS-level protections and user-visible safeguards.
- An attacker with UEFI access can set settings outside the BIOS UI constraints and persist through reinstalls.
Historical Examples Of Physical Cyber Effects
- Paul and Vlad compared historical attacks like Stuxnet and NotPetya as physical-impact examples.
- They noted destructive cyber campaigns are rare because attackers usually want systems intact to monetize access.