A few months back, we brought attention to the PKfail vulnerability associated with Secure Boot—an issue stemming from manufacturers shipping devices with known compromised software. Recent investigations by the original security researchers have uncovered that the problem is significantly larger than initially thought.
For a quick recap: The vulnerability exploits code that circumvents Secure Boot's protections, enabling the loading of software in a pre-boot environment. This code was leaked on an open repository in 2022. Despite being aware of the issue, manufacturers continued to release devices with compromised security, with some even shipping units that bore pre-production warnings such as “DO NOT TRUST” in their firmware.
According to Ars Technica, Binarly—the original publisher of the research—and other security experts have discovered an expanded list of susceptible devices. The number of vulnerable models has surged to nearly four times the original count, now encompassing close to a thousand models of desktops, laptops, and other x86-based hardware.
While the initial list included prominent brands like Dell, Acer, and Intel, the widening awareness has led to the inclusion of other manufacturers such as Fujitsu and Supermicro, along with smaller brands like Beelink and Minisforum.
The PKfail issue is not limited to typical hardware and Windows-based systems. Data from Binarly’s online detection tool indicates that enterprise servers, point-of-sale machines, gaming consoles, ATMs, and even some medical devices and voting machines are affected. Describing this situation as “alarming” hardly captures its seriousness.
Although the prospect of remotely exploiting Secure Boot presents considerable challenges for hackers, the PKfail vulnerability is particularly concerning for individuals at risk of data theft or surveillance. It’s most likely to be exploited against high-profile targets or by state-sponsored hackers looking to gain access to sensitive information. Nevertheless, Binarly warns that the PKfail vulnerability is already being actively exploited in real-world scenarios.
For those with affected devices, the solution involves obtaining a BIOS or UEFI update from your motherboard manufacturer. You can utilize Binarly’s online detection tool to determine if your PC is affected.
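The “DO NOT TRUST” warning mentioned above is carried in the Secure Boot Platform Key (PK) certificate, which Linux exposes through efivarfs. As an added example (not Binarly's tool and not code from the original article), this Python script parses the PK variable's EFI_SIGNATURE_LIST and reports the marker; `make_sample` and the sample subject string are constructed for illustration.

```python
import struct
import uuid
from pathlib import Path

# Linux efivarfs path of the Platform Key (EFI global-variable GUID).
PK_PATH = Path("/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le
MARKERS = (b"DO NOT TRUST",)  # warning string quoted in the article


def iter_x509_entries(blob):
    """Yield DER certificate bytes from concatenated EFI_SIGNATURE_LISTs."""
    off = 0
    while off + 28 <= len(blob):
        sig_type = blob[off:off + 16]
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size <= 16 or off + list_size > len(blob):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            if sig_type == EFI_CERT_X509_GUID:
                yield blob[pos + 16:pos + sig_size]  # skip SignatureOwner GUID
            pos += sig_size
        off = end


def untrusted_pk_markers(efivar_bytes):
    """Return marker strings found in any PK certificate (empty list = none)."""
    body = efivar_bytes[4:]  # efivarfs prepends 4 bytes of variable attributes
    hits = []
    for cert in iter_x509_entries(body):
        hits += [m.decode() for m in MARKERS if m in cert and m.decode() not in hits]
    return hits


def make_sample(subject):
    """Constructed PK variable; payload is a stand-in, not a real certificate."""
    cert = b"\x30\x82" + subject
    sig = bytes(16) + cert  # all-zero SignatureOwner GUID (constructed)
    esl = EFI_CERT_X509_GUID + struct.pack("<III", 28 + len(sig), 0, len(sig)) + sig
    return struct.pack("<I", 0x27) + esl


if __name__ == "__main__":
    data = PK_PATH.read_bytes() if PK_PATH.exists() else make_sample(b"CN=DO NOT TRUST - constructed")
    print(untrusted_pk_markers(data) or "no test-key marker found")
```

An empty result only means the marker string is absent from the PK; it does not replace checking the device against Binarly's detection tool or the vendor's advisory.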