The chip boots a computer by helping load the OS and if hackers could infect the BIOS it would by-pass all the scanners in the world.
The theory is that the spies could plant malware, which would remain live and undetected no matter if the OS is wiped or re-installed.
The pair did a test of 10,000 enterprise-grade machines and found that 80 per cent of them had a minimum of one BIOS vulnerability.
What is worrying is that the flaws meant that all data could be grabbed if the BIOS were compromised. Also, even the encrypted data could be accessible irrespective of the user of the computer using privacy-powered security software.
While the mainstream press is not reporting how they did it,.the attack appears to be based on hitting UEFI firmware ? UEFI is designed to replace conventional BIOS and provides a well-defined interface to the operating system.
The point is that if an attacker finds a vulnerability in the UEFI "reference implementation," its proliferation across IBVs and OEMs would potentially be wide spread.
The BIOS could be the new gateway for a new generation of attacks which are hard to stop.