Internet-exposed devices that give BIOS-level access? What could possibly go wrong?

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

Security researchers from Eclypsium have disclosed nine vulnerabilities in IP KVM devices from four manufacturers. These low-cost ($30–$100) devices allow BIOS/UEFI-level remote access to machines and are often internet-exposed. The flaws include unauthenticated root access and remote code execution, stemming from basic security failures like missing input validation, weak authentication, and lack of cryptographic verification — the same class of issues that plagued early IoT devices a decade ago, but on hardware with physical-level access to connected systems.

Researchers disclose vulnerabilities in IP KVMs from four manufacturers

What Happens to the Developers When AI Can Code? | Ars Frontiers