Researchers from Riot Games – the company behind the hit title Valorant – have stumbled upon a critical security flaw that affects millions of modern computers. The vulnerability, hidden deep in the motherboard firmware (UEFI), allows hackers to carry out so-called DMA attacks (Direct Memory Access). The most worrying thing about this case is that the breach occurs in the “gray zone“ – that brief moment between pressing the power button and loading the operating system, when standard antivirus programs are not yet active.
At the center of the scandal are leading technology giants such as ASUS, GIGABYTE, MSI and ASRock. The problem is rooted in the incorrect initialization of the hardware firewall, known as IOMMU. While the software on the surface proudly reports that the protection is active, in reality it remains “asleep”. This opens the door wide for malicious PCIe devices that can directly read and modify the contents of RAM, injecting code that remains completely invisible to Windows or Linux.
While the discovery was made in an attempt to block unscrupulous gamers using hardware cheats, experts at CERT/CC at Carnegie Mellon University warn that the risk is far more serious. The vulnerability could be used for industrial espionage or theft of encryption keys. The good news is that a successful attack requires physical access to the machine – someone literally has to plug an infected device into your computer.
If you own a motherboard from the listed brands, especially from the newer series (such as Intel 600/700/800 or AMD 600/800), immediately check the manufacturer's website for a BIOS update. Most companies have already released “patches“ that correct the behavior of IOMMU. Experts advise that after the update, manually check the settings in the “Advanced“ menu to make sure that the protection is set to “Full Protection“. The security of your data starts at the lowest level - don't let the “janitor“ of your computer fall asleep at his workplace.