Rafal Wojtczuk and Corey Kallenberg team up to disclose several prevalent vulnerabilities that result in SMM runtime breakin as well as arbitrary reflash of the UEFI firmware. The vulnerabilities disclosed and their corresponding exploits are both prevalent among UEFI systems and reliably exploitable. The consequences of these vulnerabilities include hypervisor and TXT subversion, bricking of the victim platform, insertion of powerful rootkits, secure boot break, among other possibilities. We will highlight a bug in one of the critical hardware protection mechanisms that results in a compromise of the firmware.”]
Source: https://fahrplan.events.ccc.de/congress/2014/Fahrplan/events/6129.html