'While Hoglund believed that most computers would not have protections against writing to flash memory turned on by default, NGSSoftware's Heasman disagreed.

"The obstacles to deployment are numerous," Heasman said. "Almost all machines have a physical protection, such as a jumper on the motherboard, against flashing."'

I'm with Hoglund - the last time I saw a motherboard with a jumper to protect the BIOS from unintentional flashing must have been 1996 or so. Every device with user-upgradeable firmware I'm seen in recent years is ready to accept a flash upgrade immediately. This was to my detriment when some piece of software inadvertently trashed one in every sixteen bits of the firmware in a DVD-Rom drive, "bricking" it in the process.

Hardware manufacturers, PLEASE start adding write-protect jumpers, NOW!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11372/32993#32993