I need a little advice from a professional.
I'm an amateur pentester and I was reading a lot about hardware-level flash memory rootkits. This was a bit of an annoyance for me, because I was under the impression that hardware designers would only put enough flash memory on a board to contain an initializer, to prevent precisely the problem that's been introduced to the community recently. Essentially, what I want to research is the necessary vectors and escalation required for this new class of bug. Does it require reinitialization? Are any of my chipsets vulnerable? Is there a way to flash these chipsets, probe them for diagnostics, or to block diagnostic/flashing efforts? Are any of my peripherals similarly vulnerable?
The way I see it, unless designers got very lucky in their idiotic design methodologies, literally the only way to create a truly secure computing platform would require:
* Detailed bandwidth monitoring, open source hardware, and open source auditing tools
* Read-only backups for flashing every initializer on a proprietary board, and firmware
* A hardened (probably read-only) kernel/OS
* Backup images of any temporary data
Every year it gets more expensive for consumers to secure their electronic devices from attack. Every year the ubiquity of computing expands into another aspect of life. Every year the sea of information gets deeper, and the deeper it gets, the easier and more lucrative it becomes to tunnel a black market beneath it. Honestly, I don't think there's a market incentive to fix this problem. At some point it becomes cheaper to drop the x86 architecture and start from scratch, albeit with cooler fabrication technologies.