Now, I'll admit my own password hygiene isn't always the best, though I have graduated from the days when I used"xxxxxx" for a few non-critical accounts under the reverse psychology assumption that it's so obviously insecure, nobody would bother trying it. Genius, I know. But even I realise a four-character password is a big no-no.
Apparently, a critical cryptographic key for Secure Boot that forms the root-of-trust anchor between the hardware device and the UEFI firmware that runs on it and is used by multiple hardware manufacturers was published online, protected only by a four-character password. Security outfit Binarly spotted the leak in early 2023 and has nowPart of the problem, as we understand it, is device makers basically using the same old keys over and over again.
All that said, Ars Technica quotes many of the brands involved essentially claiming that all of the relevant systems have now either been patched or taken out of service, which is presumably why Binarly is now publishing details of the security breach that would allow bad actors to take advantage of it.Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.