I was reading the new and I came across this article . I have not spent lots of time reading the paper the article referred to but I pretty much agree with the fact that people rarely update their BIOS and since it does not get updated regularly it must be vulnerable to attacks.
However there is not known similar attacks, at least on large scale in spite of all the sophisticated attacks we hear about these-days. What is the article (and I) missing? what is stopping such attacks from happening?
There are EFI attacks that have wide-scale impact (in the case of the linked document, apparently to all Mac laptops not running a recent system update). Attacks on firmware have occurred in the wild as well. In short, such attacks are possible and are probably happening; it just might be that not many people are talking about them.
There are hundreds or even thousands of BIOS versions. Many motherboards (especially older) had have BIOS modified to specific hardware. There versions are very similar and changes between them (withing the same vendor and major version) are very small, often cosmetic. However, they differ.
So, infecting BIOS is not trivial, and is getting even harder each year.
In the same time, assembler knowledge is getting more and more rarer and harder. And each year bigger percentage of new viruses are written by C++/C#/VB.NET people, who doesn't do assembler at all. Don't expect them to be able to write proper handling code for these hundreds of versions.
