Summary:
-
Vast Exposure: Security firm Binarly revealed that Secure Boot, a critical security feature, is compromised on over 200 device models from top manufacturers like Acer, Dell, and Intel due to a leaked cryptographic key.
-
Root of the Problem: The leak originated from a GitHub repository in 2022, where a platform key was poorly secured with a weak four-character password. This key forms the foundational trust between hardware and its firmware.
-
Broader Concerns: The situation points to a significant supply-chain issue affecting Secure Boot integrity on numerous other devices. In addition to the initial 215 devices identified, more than 300 additional models are suspected of using insecure or test-only platform keys distributed across multiple manufacturers.
!