UK NCSC on firmware security, part II


There’s a second post:

As we noted back in November, it’s common knowledge that keeping device software up to date and securely configured is important. System firmware, on the other hand, is often overlooked. Despite being critical to the secure operation of a device, it’s frequently out of date. But how bad is the problem? How widespread? And what can be done to remedy the situation? To answer these questions we decided to put our money where our mouth is and run some simple tests on one of our research networks. The goal was gain an accurate picture of the BIOS version running on all connected devices. The results were a wake-up call. The firmware of devices running on our own network required some attention. This may be the case for you as well.[…]

with some source code:


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s