back to article Samsung laptops can be NUKED by ANY OS – even Windows: new claim

New Samsung laptops that destroyed themselves when booting Ubuntu Linux can be bricked by ANY operating system – including Windows – according to a top embedded developer. Nebula programmer Matthew Garrett has shed new light on a baffling bug that renders shiny Sammy computers completely unusable by accident, and blamed the …

COMMENTS

This topic is closed for new posts.

Page:

  1. David Ward 1

    Hopefully he tested his concept code on a machine that he can recover by manually re-flashing the UEFI firmware from a console or something similar and isn't distributing it to the uninformed.

  2. Anonymous Coward
    Anonymous Coward

    So that's why it stopped working

    And I thought it was all down to Windows 8!

    1. Anonymous Coward
      Anonymous Coward

      Re: So that's why it stopped working

      Don't mention Windows 8. It will incur the comments of EADON

      1. Danny 14
        Joke

        Re: So that's why it stopped working

        We do not speak his name! The OS chooses the user, it is not always clear why.

  3. Alan Brown Silver badge

    Recovery...

    ...is simply a matter of pulling the cmos battery and letting bios ram evaporate.

    Nonetheless it shows that samsung need to get their fecal matter together. A lot of machines are likely to be RMAed for this procedure if anyone malicious decided to use it to tweak endusers' noses.

    1. Anonymous Coward
      Anonymous Coward

      It has bugger all to do with the CMOS battery and "BIOS RAM".

      You don't know what you're talking about; that's not where UEFI variables live, and you aren't even using the correct terminology. You're about ten years out of date and ill-informed with it. Why don't you actually read the linked article with the PoC? Or these two wikipedia entries:

      http://en.wikipedia.org/wiki/Nonvolatile_BIOS_memory

      http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Variable_services

      (Not linkified because I'm not allowed to post links for some arbitrary reason.)

      1. Grikath

        Re: It has bugger all to do with the CMOS battery and "BIOS RAM".

        nope.. the closest you can get to this effect using legagy OS and hardware is something like bricking a VIC 20 by POKE-ing straight into ROM. The poor things had no defense at all...

        Looks like someone forgot to build in some restrictions regarding adressable memory locations.

        1. Anonymous Coward
          Anonymous Coward

          Re: It has bugger all to do with the CMOS battery and "BIOS RAM".

          Except that a VIC20 ROM was just that, ROM, you couldn't 'POKE' anything into it that survived a reset and even then only if you were executing Kernel from RAM.

          The closest thing I can think of for this scenario is a Flash BIOS killing virus like CIH/Chernobyl or flashing an embedded device with the wrong firmware.

          Recoverable with a little effort and not strictly a hardware 'failure' as such but still a massive pain in the arse for users all the same.

          1. Danny 14

            Re: It has bugger all to do with the CMOS battery and "BIOS RAM".

            some motherboards have recoverable bios's. Not sure if the systems are bricked enough to even allow this to start though (assuming a fault like this could be traced to desktop mobos, I doubt consumer grade laptops have this sort of redundancy built in)

            1. Tom 13

              Re: Not sure if the systems are bricked enough...

              I didn't look into the reports, but if they were recoverable I expect there wouldn't have been as many complaints.

              A couple years back Gigabyte released a series of MBs that had a flashable BIOS with a hard ROM backup. If you buggered the flash memory, you could still revert to the ROM which would then reprogram the flash. I thought they were rather handy. Haven't seen anything like them in a while though. Seems like rather inexpensive protection to me.

          2. Andy Enderby 1
            Happy

            Re: It has bugger all to do with the CMOS battery and "BIOS RAM".

            heh.... Oh how I laughed when someone mentioned CIH. I remember an R&D department at a British PC manufacturer getting laid low by that little piece of ****......... They were out of the game for a week if I remember..... Thanks to older hardware and marginally better anti virus policy compliance tech support was unaffected....... thankfully.

      2. keith_w
        Boffin

        Re: It has bugger all to do with the CMOS battery and "BIOS RAM".

        could it be because you are posting anonymously?

    2. Anonymous Coward
      Anonymous Coward

      Re: Recovery...

      Most EFI Variable Store implementations save the variable data to the same SPI NOR Flash device that contains the BIOS firmware itself. I am not aware of any implementation that does not use the SPI NOR Flash on a modern Core i7.

    3. Anonymous Coward
      Anonymous Coward

      Re: Recovery...

      WILL PEOPLE PLEASE STOP CALLING UEFI BIOS.

      Really, it's getting beyond a joke. If I hear another person say something like "All you need to do is switch off secure boot in the BIOS" or "Can't you just switch off UEFI in the BIOS", I'm going to scream.

      This is supposed to be a tech site.

      1. h3

        Re: Recovery...

        At least on my reasonably new Supermicro board the place to enable / disable UEFI is the legacy BIOS (That is the default it starts disabled). Everything you say doesn't make sense makes perfect sense in the case of my board.

      2. Suricou Raven

        Re: Recovery...

        People still flatten clothes with 'irons' long after they ceased to be made of iron.

        The term 'BIOS setup' will outlast the BIOS itsself.

        1. Anonymous Coward 15

          Re: Recovery...

          "BIOS" was always used incorrectly. The term originated as part of CP/M. The corresponding part of MS-DOS is io.sys.

          1. mark 63 Silver badge

            Re: Recovery...

            "The corresponding part of MS-DOS is io.sys."

            er, is it?

            I thought the bios was a level below that .

            Although I did notice once that winNT was able to use drives the BIOS hadnt bothered detecting

            1. /dev/null
              Boffin

              Re: Recovery...

              I think notionally the MS-DOS BIOS was split between the ROM BIOS (which would be customised to the particular hardware configuration of the PC) and IO.SYS (or IBMBIO.COM if you had PC-DOS) which was intended to be generic. The term "BIOS" is now so closely associated with boot firmware that we forget it used to be an integral part of a PC's native OS....

          2. Anonymous Coward
            Anonymous Coward

            Re: Recovery...

            Bo11ocks, BIOS was a part of the PC, sure CP/M may have used it first but way back in the mists of time where my career began, the 2764 (Or smaller, see IBM PC Tech Ref for details) EPROM on a motherboard contained the BIOS, Basic Input Output System.

            It contains just enough code to initialise the hardware and load the bootsector off whatever storage media (assuming no peripheral has a ROM that contains the magic numbers to tell BIOS code it's should run that first) you have attached which only then pulls in IO.SYS. IO.SYS is an integral part of MS-DOS and as such, IO.SYS is only required on a PC if you're running DOS or a derivative thereof.

            1. Tom 13

              Re: Bo11ocks, BIOS was a part of the PC

              You're way too deep in the 7 layer model for people who can't tell an app from the OS.

        2. Tom 13
          Devil

          @Raven

          How about we set your IDE hard drive parameters while we iron out the bugs in your BIOS? Or would you prefer we just set the MFM Drive ID number?

          Where's the crotchy older than dirt icon?

      3. Kiwi
        Linux

        Re: Recovery... @AC 16:23

        "If I hear another person say something like "All you need to do is switch off secure boot in the BIOS" or "Can't you just switch off UEFI in the BIOS", I'm going to scream."

        Why? On many mobos that's exactly where you turn it off. Both secure boot and UEFI. And many mobo makers call UEFI "BIOS" as well, some calling "BIOS" "Legacy BIOS".

        "This is supposed to be a tech site."

        It is. That's why people talk about turning UEFI off in BIOS. Or using BIOS to disable/turn off secure boot.

        Begone, vile hampster.

  4. Anonymous Coward
    Anonymous Coward

    So is Eadon going to have a retraction of all his anti-windows comments?

    Title says it all...

    1. Filippo Silver badge

      Re: So is Eadon going to have a retraction of all his anti-windows comments?

      That would take a *long* time.

      1. Quxy
        Facepalm

        I'm not Eadon...

        But I recall that any anti-Windows comment he may have posted on this particular topic was overwhelmed by a flood of 'AC's with such helpful suggestions as "Well if you will run freeware crap, you get what you pay for...".

        No, Eadon may be a a rabid penguin-head, but at least he signs his own name! And after all, he's *our* rabid penguin-head...

        1. Daniel B.
          Trollface

          Re: I'm not Eadon...

          Not to mention that Eadon's anti-windows comments have no bearing on this, as the article states that Windows *can* and *does* brick a Samsung lappy the same as Linux. IIRC the 'AC's were also mostly MS shills saying the same thing about "freetards getting what they deserved".

          So it is actually the shilltards who should be apologizing to *Eadon*. My my ... the irony...

          1. dogged
            Stop

            Re: I'm not Eadon...

            MS shills

            Hate to pop your paranoia but I don't believe there are such creatures on the Reg boards. Even RICHTO is pretty much a reaction to Eadon, Bob Vistakin, Barry Shitpeas and Mrs Barry Shitpeas (I only noticed the other day that "Philomena Cunk" is another Charlie Brooker character, insert facepalm here).

            The "shilltards" here seem to be confined to linux and Android.

            For the record, I work for a small development company in South Wales at the moment.

            1. Tyrion

              Re: I'm not Eadon... MS shills

              There are definitely MS shills / fanboys on the reg. You only have to look at all the downvoting that goes on. Most simply don't comment, they just sign up for an account then go around downvoting anything not pro-micro$oft. I've seen it first hand, hell I've even had one or two admit to it. It's sad really.

        2. Annihilator
          Meh

          Re: I'm not Eadon...

          But I recall that any anti-Windows comment he may have posted on this particular topic was overwhelmed by a flood of 'AC's with such helpful suggestions as "Well if you will run freeware crap, you get what you pay for...".

          Yeah I'm also noticing the rather muted response from the anti-Linux crowd on this article. It's like they've applied logic and realised they're wrong.

          Or they're just not up yet - give it time.

          1. Anonymous Coward
            Anonymous Coward

            Re: I'm not Eadon...

            Why blame Linux or Windows?

            This is Samdungs fault. Anyone who is under any illusion that they make good products really needs to think again.

            1. Tom 13

              Re: This is Samdungs fault.

              I believe the Kipling line is something approximating:

              but the sins that you do two by two you shall pay for one by one.

              Yes Samsung is primarily at fault for a very faulty BIOS/UEFI implementation. But the Linux distro was also at fault for sloppy coding and failure to test. Posters who weren't shilling for one side or the other appropriately beat up on both of them. We did give points to Linux guys for at least admitting they'd written sloppy code and rapidly posting defenses and fixes. And now it seems the Linux guys have done some solid research which indicates Samsung REALLY needs to fix their crap.

        3. Anonymous Coward
          Anonymous Coward

          Re: I'm not Eadon...

          Re: Eadon signs under his own name.

          How do we know?

          Is he also RICHTO, does he reply to himself under other pseudonyms or as AC? For all I know he may be half the people on the board, using a pseudonym is just as AC as using AC, because we don't know if comments are limited to that pseudonym from its owner.

          1. DF118

            @AC 16:26 Re: I'm not Eadon...

            You could've just said maybe he's a sockpuppeteer.

          2. Anonymous Coward
            Anonymous Coward

            Re: I'm not Eadon...

            "For all I know he may be half the people on the board, using a pseudonym is just as AC as using AC"

            I'm RICHTO and so is my wife.

          3. Tom 13

            Re: using a pseudonym is just as AC as using AC

            But if I used my real name here, how would you know it wasn't a pseudonym?

        4. Anonymous Coward
          Anonymous Coward

          Re: I'm not Eadon...

          You remind me of a French taxi-driver's comment on why a well known crook had just been re-elected Mayor:

          "C'est un vieux con, mais c'est notre vieux con a nous."

        5. Paul 129
          Linux

          Re: I'm not Eadon...

          But corebios is looking good about now. The more I read about UEFI the more i want to put linux there instead :-P

  5. Anonymous Coward
    Linux

    Poor Apple.

    OSX simply is not modern and sophisticated enough to brick a Samsung laptop.

    1. Chad H.
      FAIL

      Re: Poor Apple.

      Or Apples been doing UEFI longer than anyone else....

      1. Matt_payne666

        Re: Poor Apple.

        and Silicon Graphics/SGI has been doing its own take on UEFI firmware a lot longer than apple........

        1. ThomH

          Re: Poor Apple.

          Intel's been working on EFI since 1998 if we really want to get into it.

          It's Forth based, right? So we're probably talking about a stack overflow?

          1. Anonymous Coward
            Anonymous Coward

            Re: Poor Apple.

            It's Forth based, right? So we're probably talking about a stack overflow?

            No. You are confusing UEFI with Solaris's OpenBoot.

            UEFI has a shell --> http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Efi-shell

            1. Destroy All Monsters Silver badge
              Coat

              Re: Poor Apple.

              > It's Forth based, right?

              That would actually mean there was some hope.

              Yet another "industry standard" that is a Bad Idea, Badly Implemented.

              1. Anonymous Coward
                FAIL

                Re: Poor Apple.

                Utterly incredible that all of this critical low-level code has been crap from back in the mists of time.

                BIOS, UEFI, it seems to make no difference, it's nasty buggy stuff that is only just good enough to boot the hardware to the point where more capable software can rescue everything out of the cesspit.

                A massive FAIL going back 30+ years...

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Poor Apple.

                  Who says it is the BIOS and UEFI to blame?

                  This is a case of poor implementation, the actual concept is sound.

          2. /dev/null
            Boffin

            Re: Poor Apple.

            EFI was invented by Intel to be the standard boot firmware for Itanium systems. It was only afterwards that someone thought it porting it to x86 would make a good replacement for the old PC BIOS, something which was well overdue.

            1. Tom 13

              @/dev/null: let me fix that for you:

              ...for the old PC BIOS, something which is still WELL overdue.

              On the other hand, at the BIOS level you're pretty much coding by hand and error testing is tricky. Worst part is what assumptions do you get to make about your inputs, because you don't have a lot of room to maneuver. I don't even write sloppy .Net code let alone the sort of really well though through machine code that goes into a BIOS. It may be crap, but when I really think about it, those guys have actually done pretty well by us through the last 30 years.

          3. Tom 13

            Re: It's Forth based, right?

            So what you're saying is that Intel said:

            Go Forth and conquer

            and they did?

        2. Anonymous Coward
          Anonymous Coward

          Re: Poor Apple.

          SGI aren't consumer machines.

Page:

This topic is closed for new posts.

Other stories you might like