Security Flaw ‘PKFail’ Puts Millions of Devices at Risk of Secure Boot Bypass


Millions of Intel and ARM-Based Systems Vulnerable to Secure Boot Bypass Attack

A major security flaw has been uncovered in millions of Intel and ARM microprocessor-based computing systems from various vendors, allowing attackers to bypass the Secure Boot process due to a leaked cryptographic key. The so-called Platform Key (PK) from AMI, a crucial element in the Secure Boot chain, has been compromised, leaving devices vulnerable to exploitation.

Researchers at Binarly uncovered the issue, revealing that the key was leaked in 2018 and has since been widely used in devices from manufacturers like Lenovo, HP, Asus, and SuperMicro. This security vulnerability, dubbed “PKFail,” enables attackers to manipulate key databases and deploy bootkits that provide unauthorized access to devices.

The solution to this critical issue is relatively simple: affected devices must receive a firmware update to replace the compromised key. While some vendors have already taken steps to address the issue, the process may take time for certain devices and systems, such as data center servers or critical applications.

According to experts, the use of test keys in production firmware has been a longstanding problem in the industry, leading to widespread security risks. The PKFail incident highlights the urgent need for improved cryptographic key management practices in the device supply chain to prevent similar vulnerabilities in the future. Organizations are advised to disconnect affected devices from critical networks until a firmware update can be implemented to mitigate the risk of exploitation.
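To check whether a Linux system still carries a test Platform Key, the following added example (not from the article or from Binarly) parses the PK variable's EFI_SIGNATURE_LIST and flags certificates containing a test-key marker. The marker strings "DO NOT TRUST" and "DO NOT SHIP" are an assumption based on how such test certificates are commonly labelled, and the fallback sample is constructed.

```python
import struct
import uuid
from pathlib import Path

# Standard efivarfs path of the Platform Key (EFI global variable GUID).
PK_PATH = Path("/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c")
# EFI_CERT_X509_GUID: signature lists of this type carry DER certificates.
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Assumption (not from the article): marker strings found in test-key subjects.
MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def iter_x509(esl: bytes):
    """Yield (owner GUID, DER bytes) for each X.509 entry in EFI_SIGNATURE_LIST data."""
    off = 0
    while off + 28 <= len(esl):
        sig_type = uuid.UUID(bytes_le=esl[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", esl, off + 16)
        if list_size < 28 or off + list_size > len(esl):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        # Each entry is a 16-byte owner GUID followed by the certificate.
        while sig_type == EFI_CERT_X509 and sig_size > 16 and pos + sig_size <= end:
            yield uuid.UUID(bytes_le=esl[pos:pos + 16]), esl[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def find_test_keys(esl: bytes):
    """Return (owner, marker) pairs for certificates containing a test-key marker."""
    hits = []
    for owner, der in iter_x509(esl):
        hits += [(owner, m.decode()) for m in MARKERS if m in der]
    return hits


def make_esl(cert: bytes, owner: uuid.UUID) -> bytes:
    """Build a one-entry signature list (used only for the constructed sample)."""
    body = owner.bytes_le + cert
    return EFI_CERT_X509.bytes_le + struct.pack("<III", 28 + len(body), 0, len(body)) + body


if __name__ == "__main__":
    if PK_PATH.exists():
        data = PK_PATH.read_bytes()[4:]  # efivarfs prepends 4 attribute bytes
    else:  # constructed sample, not a real certificate
        data = make_esl(b"\x30\x20CN=DO NOT TRUST - sample", uuid.UUID(int=1))
    hits = find_test_keys(data)
    print("test Platform Key present" if hits else "no test-key marker found", hits)
```

A hit means the firmware still carries a test Platform Key and needs the vendor update described above; no hit only means these markers were absent.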
