Flashing the BIOS without a CPU - vulnerabilities?

Quartz · 2 Jun 2020 at 14:42

How exactly does flashing the BIOS without a CPU work? I can only assume there is another, cheap, CPU, somewhere on the motherboard. If so, what vulnerabilities does this induce?

Tetras · 2 Jun 2020 at 18:53

Presumably the vulnerability would be limited to having access to the rear I/O, since it flashes via USB, which I assume is superior to firmware updates via Windows.

Rroff · 2 Jun 2020 at 19:01

I've not looked into it but I'd assume stuff like Flashback uses a simple controller kind of like a storage controller, etc. that has basic USB storage IO and direct access to the BIOS chip to program it and not like a basic CPU as such - likely as above the only potential vulnerability is that it has I/O connectivity to a USB port.

Quartz · 2 Jun 2020 at 22:20

Surely reading the filesystem demands some sort of CPU?

CuriousTomCat · 2 Jun 2020 at 23:15

Quartz said:
Surely reading the filesystem demands some sort of CPU?

There'll be a chip with about as much sophistication as what you'd find in a washing machine or a microwave. My 20 year old digital camera can access the filesystem on a memory card. It doesn't require anything impressive or very complex to access a filesystem.

There's dozens of chips on a motherboard that carry out various tasks, the CPU is just one of many chips. There's a chip for BIOS flashing, another chip for sound, another chip for LAN, another chip for SATA...