Slashdot Mirror

← Back to Stories (view on slashdot.org)

AMI Firmware Source Code, Private Key Leaked

Posted by Soulskill on from the never-trust-others-to-respect-your-property-as-much-as-you-do dept.

Trailrunner7 writes "Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan. Researcher Brandan Wilson found the company's data hosted on an unnamed vendor's FTP server. Among the vendor's internal emails, system images, high-resolution PCB images and private Excel spreadsheets was the source code for different versions of AMI firmware, code that was current as of February 2012, along with the private signing key for the Ivy Bridge firmware architecture. AMI builds the AMIBIOS BIOS firmware based on the UEFI specification for PC and server motherboards built by AMI and other manufacturers. The company started out as a motherboard maker, and also built storage controllers and remote management cards found in many Dell and HP computers. 'The worst case is the creation of a persistent, Trojanized update that would allow remote access to the system at the lowest possible level,' researcher Adam Caudill said. 'Another possibility would be the creation of an update that would render the system unbootable, requiring replacement of the mainboard.'"

2 of 148 comments (clear)

  1. Re:I'm safe from this by sveinungkv · · Score: 1, Flamebait

    I runz the Linux!

    I runz the Coreboot! ftfy

    --
    Spelling/grammar nazis welcome (English is not my first language and I am trying to improve my spelling/grammar)
  2. Re:Link? by Anonymous Coward · · Score: 0, Flamebait

    I couldn't care less about the security implications.

    Seeg Hile or something or another for the Grammar Nazi salute!

    *I use to get pissed at grammar Nazis. Until one day, someone in authority showed me a resume from someone who made a mistake much less than that one, and said "How can I hire someone who makes such stupid errors as that!?!"

    Now, when a grammar Nazi corrects me, I just nod in appreciation or hold back my flames if they're a dick about it.

    Things are so bad out there, they'll find any reason to dismiss you.

    You may not have problems now or you're secure, but one day, it may matter.

    When it was too late, I found out about some of my problems and issues - now, I'm unemployable and on wife support.

    There's nothing more humiliating that being on wife support. Especially when you were making six figures.

    Just telling you this because I don't want to seem like a dick or come across as someone who thinks "he's all that".