A few months ago, we reported on the alarming PKfail vulnerability in Secure Boot—a security flaw arising from hardware manufacturers shipping devices with known compromised software. Recent investigations by the original security researchers have revealed that the issue is far more extensive than initially anticipated.
For those who missed the original coverage, here’s a brief recap: The exploit involves code that bypasses Secure Boot encryption, allowing software to be loaded in a pre-boot environment. This code was leaked in an open repository back in 2022. Despite the known risks, manufacturers continued to distribute devices with compromised security, some even including pre-production warnings such as “DO NOT TRUST” embedded in the firmware.
As reported by Ars Technica, Binarly—the original publisher—and other security researchers have identified a significantly larger number of vulnerable devices. The list of affected hardware has surged to nearly four times the initial count, encompassing almost a thousand models of desktops, laptops, and various x86-based devices.
Initially, the vulnerability affected systems from major manufacturers like Dell, Acer, and Intel. However, as awareness of the issue has grown, other companies such as Fujitsu and Supermicro have been added to the list, along with niche manufacturers like Beelink and Minisforum.
The implications of the PKfail vulnerability extend beyond standard hardware and Windows PCs. Binarly’s online detection tool has uncovered affected enterprise servers, point-of-sale systems, gaming consoles, ATMs, and even medical devices and voting machines. Labeling this situation as “alarming” would be an understatement.
Despite the seriousness of the vulnerability, exploiting Secure Boot remotely presents significant challenges for hackers. Therefore, PKfail is primarily a concern for individuals at risk of being targeted for data theft or surveillance. It’s more likely to be exploited against high-profile individuals or by state-sponsored hacker groups aiming to access sensitive government or industry information. Nonetheless, Binarly cautions that the PKfail vulnerability is already being actively exploited in the wild.
If you own an affected device, the recommended solution is to obtain a BIOS or UEFI update from your motherboard manufacturer. You can check if your PC is impacted by using Binarly’s online detection tool.