Supermicro server motherboards can be infected with unremovable malware

Title: Supermicro Server Motherboards Vulnerable to Unremovable Malware A security vulnerability has been discovered in Supermicro server motherboards, allowing for remote attacks through the baseboard management controller (BMC). The vulnerability can be exploited to install unremovable malware, potentially compromising the entire system. Researchers from Eclypsium, a cybersecurity firm, have identified the flaw, which lies in the BMC firmware. The BMC is a separate microcontroller that provides remote management capabilities, even when the main system is powered off. This makes the vulnerability particularly concerning, as it grants attackers persistent access to the affected systems. The vulnerability affects a wide range of Supermicro server models, making it a significant threat to organizations relying on Supermicro hardware. Eclypsium has notified Supermicro, but a complete solution may be challenging, as the BMC firmware is deeply integrated and difficult to update without compromising the system. The discovery highlights the importance of robust supply chain security and the need for hardware-level security measures to mitigate such vulnerabilities effectively.