Word Notes 1.5.21
Ep 31 | 1.5.21

unified extensible firmware interface (UEFI) (noun)


Rick Howard: The word is: UEFI.

Rick Howard: Spelled: U as in unified, E as in extensible, F as in firmware, and I as in interface.

Rick Howard: Definition: An extension of the traditional Basic Input/Output System, or BIOS, that during the boot process, facilitates the communication between the computer's firmware and the computer's operating system.

Rick Howard: Example sentence: UEFI provides enhanced control, security and manageability of the systems start up process.

Rick Howard: Origin and context: From the very beginning in the 1980s, the personal computer boot process goes through two stages: a power-on self-test or POST hardware phase that ensures the necessary components are present and functioning properly, and a basic input/output system, or BIOS software phase that tells the CPU how to load the operating system. By the late 1990s, Intel, the chip manufacturer, and other vendors started working on ways to add more functionality to the BIOS software stage and to overcome the limitations of the original design. By the mid 2000s, hardware and software vendors formed the UEFI Forum to advance innovation in firmware technology standards. The question is, what happens if adversaries compromise the interface? That situation would give malicious teams an almost invisible persistence, a stealth beachhead to begin traversing the intrusion kill chain. Since the boot process runs the UEFI program before the operating system loads, the traditional endpoint protection solutions like antivirus and EDR, or Endpoint Detection Response, can't completely eradicate a compromised UEFI system. Those prevention controls aren't running during the boot process. Even after the boot, if they detected clues that hackers compromised the interface and succeeded in deleting the associated artifacts that compromised UEFI program, which just reestablish itself at the next reboot. There are ways to harden the UEFI system to reduce the likelihood of compromise, but they can't be implemented while the operating system is running. That installation friction prevents many PC owners from deploying them.

Rick Howard: Nerd reference: According to Andy Greenberg at WIRED magazine, the CIA may have been the first nation state to get caught using this technique and also prove that some of their developers are Doctor Who fans.

Rick Howard: The Vault 7 cache of secret CIA documents released by WikiLeaks in March of 2017 describe a series of hacker tools for a UEFI attack. One called the "Sonic Screwdriver," in a nod to the British television's long-running sci-fi show, modified the firmware of a standard Apple Thunderbolt to Ethernet adapter that tricked a Mac into booting its operating system from a spoofed network source that the adapter impersonates. According to Craig Elvy at the Screenrant website, the current iteration of the Time Lord's sonic screwdriver is, "a weapon, a tool, a scanner and a plot device all rolled into one convenient package." But when it was first introduced in 1968, it was literally just a screwdriver used by the good doctor to repair a broken pipe and looked like a small metallic pencil with a light at the end. With all that said, at least we know that somebody in the CIA is a Doctor Who fan.