So much for UEFI security.

I read reporting in Ars this morning about the Kaspersky-identified CosmicStrand UEFI rootkit. CosmicStrand is a sophisticated UEFI firmware rootkit that allows its owners to achieve persistence while remaining extremely stealthy. As a nerd and tech instructor, my hope has always been that, with the move away from BIOS-based computers to UEFI, everyone would be more secure. The main features of UEFI (TPM, Secure Boot, etc.) let it better secure the computer boot process and identify attacks on the integrity of operating system files before they are loaded into memory and executed. It seems like CosmicStrand figured out a way around most of these protections.
