How can your BIOS be infected or hacked, and can a BIOS virus be used to “steal data”?

I know that a BIOS can get a virus but it’s very rare, but it seems to me it’s pretty impossible or improbable for a virus to creep into your BIOS via normal computer use.
Let’s say I’m using Windows 10. Even if I go as far as downloading malware on my Windows 10, it would seem that the worst damage it can do is to my Windows 10 itself, not the BIOS. Is that accurate? (Or at least, it’s incredibly difficult.)
If I don’t deliberately take a USB drive and go into the BIOS to m-flash it, how can I possibly infect a BIOS? So similarly, since your network would only work at the OS level, how can anyone possibly modify your BIOS by hacking your operating system?

And in the other direction, suppose by some means my BIOS was infected with some virus. How can anyone possibly steal information on an operating system using the BIOS when the BIOS itself cannot be connected to the internet?

It seems to me the damage a BIOS can do is very local.

Author: Ecotistician