Re: Israeli security startup CTS-Labs
OK, you have just firmly put yourself into the "dumb users" category. Therefore let me spell it out a bit more clearly for you, rather than the generic shorthand "boot from floppy" which I believe most people would understand to mean "boot from external media, no matter what form that external media takes".
For many years, the only way to flash BIOS was to boot into a single-user, non-multitasking OS that had minimal drivers loaded (no networking, no SCSI, no tape drives, no heavy-weight GPU drivers, and so on) and explicitly invoke the 'flash' command (unless the boot media was specifically crafted for flashing BIOS, in which case it might automatically invoke the flash command). This method was originally done via floppy disks (5 1/4" when I started, older people will remember 8" or even audio-tape-based drives). It could also be accomplished by other externally booted media, e.g. eSATA, USB, Zip drive, firewire, serial, or whatever method your specific hardware supported. Alternatively, you could have a boot-loader that offered the choice of booting into such an O/S that (might have) had its own tiny dedicated partition.
Or even, if using a UNIXy system where the OS itself supported many different boot modes, you could explicitly boot into single-user mode or, if it is/was actually a UNIX workstation of some manufacture, you would probably do it from the boot PROM or similar environment (for those of you not with a history of actual workstations, they had a UEFI-like system for decades, but it wasn't graphical, it was command-line based, so you could boot up into the 'UEFI' (on a SUN workstation STOP-A would dump you into it) and perform some hardware-based tasks like this).
Or even in more modern windows, at least booting into 'safe' mode (without networking) would give you a semblance of doing something similar.
The key takeaway, which I suspect most people (other than you) would have gotten was:
For the convenience of the average user, manufacturers have sacrificed security and reliability for user convenience. It is a bad idea to be able to flash a system's firmware from a connected, online, multi-user operating environment where someone sitting on the other side of the world could be flashing a compromised firmware onto a system unknown to the user who might actually be using the system at that time and not know this is going on.
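The precondition the post argues for (no network, no other users, single-user mode) can be enforced in front of whatever flash tool a system uses. The following guard script is an added example, not code from the post or from any vendor's flashing tool; it assumes a Linux-style sysfs (`/sys/class/net/*/operstate`), the `runlevel` and `who` utilities, and a hypothetical flash tool path in `FLASH_CMD` (flashrom is used only as a placeholder name).

```shell
#!/bin/sh
# Pre-flash guard (added example, not from the original post).
# Refuses to hand control to the flash tool unless the machine looks like the
# old single-user, offline flashing environment the post describes.

# Assumption: path of the firmware flashing tool; override via environment.
FLASH_CMD="${FLASH_CMD:-/usr/sbin/flashrom}"

# up_ifaces: print non-loopback interfaces whose sysfs operstate is "up".
up_ifaces() {
    for d in /sys/class/net/*; do
        n=$(basename "$d")
        [ "$n" = lo ] && continue
        [ "$(cat "$d/operstate" 2>/dev/null)" = up ] && printf '%s\n' "$n"
    done
}

# current_runlevel: `runlevel` prints "N 5"; keep the last field, or 'unknown'.
current_runlevel() {
    rl=$(runlevel 2>/dev/null | awk '{print $NF}')
    echo "${rl:-unknown}"
}

# check_state RUNLEVEL USERCOUNT IFACES
# Pure decision function so it can be tested without touching the system:
# returns 0 if flashing may proceed, 1 otherwise, and names every violated
# precondition on stderr.
check_state() {
    rl=$1; users=$2; ifaces=$3; ok=0
    case "$rl" in
        S|s|1) ;;                                   # single-user modes
        *) echo "refuse: runlevel '$rl' is not single-user" >&2; ok=1 ;;
    esac
    if [ "$users" -gt 1 ]; then                      # more than the operator
        echo "refuse: $users users logged in" >&2; ok=1
    fi
    if [ -n "$ifaces" ]; then                        # any link up besides lo
        echo "refuse: network interfaces up: $ifaces" >&2; ok=1
    fi
    return $ok
}

# guarded_flash ARGS...: gather live state, apply the policy, then flash.
guarded_flash() {
    check_state "$(current_runlevel)" \
                "$(who | wc -l | tr -d ' ')" \
                "$(up_ifaces | tr '\n' ' ')" || {
        echo "aborting firmware flash" >&2
        return 1
    }
    "$FLASH_CMD" "$@"
}

# Usage (after sourcing this file):  guarded_flash -w new_bios.rom
```

The decision logic is separated from the probes so the policy can be exercised on constructed inputs; the probes themselves are ordinary sysfs and utmp reads and will differ on non-Linux systems.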