With first passing read of the article I couldn't get clear picture, what is exactly new here?
There have already been Windows viruses writing to BIOS flash and causing obvious havoc. A
year or two ago there was the issue with an wireless adapter firmware cracked to allow access
onto an OS X desktop.
Is the news here that there is new methods to inject trojan firmware into a running system
through remote update mechanisms? Is the increased activity and knowledge in cracking closed
source binary blobs (from Windows to firmwares) causing this kind of security vulnerability as
a real thread to be taken more into account? Or is it that there quite often plenty space in
flash to add unwanted binary and one could only need few hooks into the real firmware code to
make it as a trojan firmware?