UEFI malware delivery possible with PKfail issue

BleepingComputer reports that UEFI malware, such as BlackLotus and CosmicStrand, could be distributed across more than 800 UEFI devices from Acer, Dell, HP, Intel, and six other vendors impacted by the critical PKfail supply chain issue that enables Secure Boot evasion.

The vulnerability stems from impacted devices' use of an American Megatrends International-generated Platform Key with the "DO NOT TRUST" tag that the vendors should have replaced, according to a report from the Binarly Research Team. "This Platform Key, which manages the Secure Boot databases and maintains the chain of trust from firmware to the operating system, is often not replaced by OEMs or device vendors, resulting in devices shipping with untrusted keys," said Binarly researchers. The findings should prompt the immediate replacement of test Platform Keys from independent BIOS vendors with keys generated in adherence to cryptographic key management best practices, researchers noted. Organizations have also been urged to ensure that issued fixes for the PKfail supply chain issue are implemented.
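One way to check a Linux host for a test Platform Key is sketched below as an added example; it is not code from Binarly or the affected vendors. It assumes the PK variable is exposed through efivarfs at the standard path, parses the UEFI `EFI_SIGNATURE_LIST` layout, and looks for the "DO NOT TRUST" tag in each certificate; `make_esl` only builds constructed sample data.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Assumption: efivarfs is mounted at the usual location
PK_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
MARKER = b"DO NOT TRUST"  # tag named in the report


def iter_x509_entries(esl: bytes):
    """Yield (owner GUID, DER bytes) for each X.509 entry in a chain of EFI_SIGNATURE_LISTs."""
    off = 0
    while off + 28 <= len(esl):
        sig_type = uuid.UUID(bytes_le=esl[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", esl, off + 16)
        if list_size < 28 or sig_size <= 16 or off + list_size > len(esl):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            if sig_type == X509_GUID:
                owner = uuid.UUID(bytes_le=esl[pos:pos + 16])
                yield owner, esl[pos + 16:pos + sig_size]
            pos += sig_size
        off += list_size


def has_test_pk(esl: bytes) -> bool:
    """True if any certificate in the PK carries the test-key marker."""
    return any(MARKER in der for _, der in iter_x509_entries(esl))


def make_esl(payload: bytes) -> bytes:
    """Build a one-entry signature list around constructed bytes (not a real certificate)."""
    body = uuid.UUID(int=0).bytes_le + payload
    return X509_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, len(body)) + body


if __name__ == "__main__":
    try:
        with open(PK_PATH, "rb") as f:
            data = f.read()[4:]  # efivarfs prefixes 4 bytes of variable attributes
        print("test Platform Key found" if has_test_pk(data) else "no test-key marker in PK")
    except OSError as e:
        print(f"cannot read PK variable: {e}")
```

A clean result only means the marker string is absent from the enrolled key; vendor advisories and firmware updates remain the authoritative source on whether a given model is affected.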