Remote Firmware Attack Renders Servers Unbootable

Security researchers have found a way to corrupt the firmware of a critical component usually found in servers to turn the systems into an unbootable hardware assembly. The recovery procedure requires physical intervention to replace the malicious firmware. Achieving this is done via regular tools used to keep the baseboard management controller (BMC) up to date.

Although deploying the malicious BMC update is possible from a remote location, the destructive step represents the final stage of an attack, so initial access to the target is needed. Using the host-based interface known as the Keyboard Controller Style (KCS), researchers from Eclypsium were able to pass a malicious firmware image to the computer’s BMC.

Read more about the highly disturbing new attack on BleepingComputer.