Secure Boot not being enabled means that the code responsible for booting the operating system, both at the UEFI level and the Windows bootloader itself, is not signature-verified before it runs. As such, malicious code can be inserted into the boot process to take control of the OS kernel, a class of malware known as a bootkit (boot rootkit).
UEFI bootkits have been used in the wild for over a decade. Examples include LoJax (2018), MosaicRegressor (2020), FinSpy (2021), ESPecter (2021), MoonBounce (2022), CosmicStrand (2022), and BlackLotus (2023).
A sign of a wider story
While the Eclypsium study only looked at the Illumina iSeq 100, the researchers believe that many medical devices may suffer from firmware security issues inherited from the hardware supply chain. Medical device vendors do not always develop their device hardware themselves; instead they focus on their core technology area and outsource the entire device development process, for example to ODMs and IBVs.