Microsoft Surfaces Bricking Flaw Mostly Patched After Copilot Bug Discovery
Microsoft has largely fixed a firmware vulnerability in its Surface devices that could render them inoperable. The flaw, which required disabling security features, was inadvertently highlighted by Microsoft's Copilot AI. While Microsoft deems the risk low, the discovery showcases potential AI-driven security risks and the need for robust system defenses.
Key points
- A firmware flaw in Microsoft Surface devices, affecting devices with Secure Core and Secure Boot disabled, could brick hardware via a single packet.
- Security researcher Jack Darcy's Surface device was bricked after Microsoft's Copilot AI generated a script to adjust backlight settings, which improperly wrote to the device's embedded controller firmware.
- The vulnerability involved the Surface device's SAM (or SSAM) embedded controller, which lacked defenses against arbitrary write values.
- Microsoft stated the bug presents no realistic attack scenario as it requires specific driver interaction and hardware command sending.
- The company has been patching the flaw for approximately 90 days and considers it mostly repaired.
Microsoft has largely addressed a firmware vulnerability affecting its Surface devices that could lead to hardware bricking. The issue, which required disabling security features like Secure Core and Secure Boot, was brought to light when a security researcher's device was rendered inoperable.
According to security researcher Jack Darcy, his Surface laptop became unusable after Microsoft's Copilot AI generated and executed Python scripts intended to adjust screen backlighting. These scripts sent commands directly to the device's embedded controller firmware, overwriting critical data and disabling the hardware. Darcy explained that the Surface's SAM or SSAM embedded controller implementation lacked safeguards against such arbitrary write commands.
Microsoft has indicated that the flaw does not pose a significant practical threat. A company spokesperson noted that exploiting the vulnerability would necessitate a complex attack scenario involving interaction with specific drivers and direct hardware commands, requiring administrative privileges. The company has reportedly been working on patches for the past 90 days, stating the issue is now mostly repaired.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.