Millions of flawed BIOSes can be infected using simple two-minute attacks that don't require technical skills and require only access to a PC to execute. BIOS have been the target of much hacking research in recent years since low-level p0wnage can grant attackers the highest privileges, persistence and stealth.
Because almost no one patches their BIOSes, almost every BIOS is affected by at least one vulnerability, and can be infected. The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable. The point is more how the vendors' fixes are going un-applied by users, corporations, and governments.Read more