“Bootkitty” is likely a proof-of-concept, but may portend working UEFI malware for Linux.

“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. “Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.”

  • nyan@lemmy.cafeEnglish
    14·
    7 hours ago

    Attacks only machines running specific Ubuntu kernels and using specific boot methods. Plus no actual payload. This doesn’t yet represent a real risk.

    Where we’ll be in ten years’ time is unknowable, however. I think the Ars commentors who suggested going back to forcing jumper cap swaps or other hardware-mediated access requirements before overwriting the mobo’s boot firmware might be on the right track, even if it’s inconvenient for large corporate deployments. It’s normal for security and convenience to pull in opposite directions, and sometimes you just have to grin and bear it.