Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Show How To Take Control of Windows 7

Posted by CmdrTaco on from the hey-wait-a-minute dept.

alphadogg writes "Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday. Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. 'There's no fix for this. It cannot be fixed. It's a design problem,' Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack. While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely." Which makes me wonder why I'm posting this :)

13 of 325 comments (clear)

  1. Physical Security is a big issue by mc1138 · · Score: 3, Insightful

    We hear about it all the time, laptops being stolen, left out, all with tons of sensitive data. Combine this with a lot of companies having very poor physical security this could be more than something to just write off.

    --
    The musings of just another geek and his junk.
    1. Re:Physical Security is a big issue by mhall119 · · Score: 3, Insightful

      Even if you're using Windows to encrypt your hard drive, this exploit might still be effective. From the very few details in the article, it modified the Windows boot files in memory while it's booting. If they can do that, then they just wait for you to log in and decrypt your hard drive, and their tainted processes have access to all your data.

      --
      http://www.mhall119.com
  2. Yes, why post this? by Control-Z · · Score: 4, Insightful

    If someone has physical control of the machine, all bets are off.

    1. Re:Yes, why post this? by Lord+Ender · · Score: 5, Insightful

      Some disk encryption solutions, such as Checkpoint, rely on windows authentication to decrypt the disk. If this can be bypassed easily, it makes this disk encryption worthless.

      It was obvious to crypto pros that it is theoretically worthless, but this is a practical attack against it.

      Real disk encryption DOES protect them machine even with physical access. But "enterprise" software companies like Checkpoint sell snake-oil encryption quite well because engineers can "prove" it's flawed to management without a working exploit.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  3. Who cares? by Sj0 · · Score: 4, Insightful

    Rule 1 of computers is, if someone has physical access to your machine, it has already been compromised. I always design my security around this fact, and if a machine needs to be secure against attack, it will be physically secure.

    --
    It's been a long time.
  4. A hack! by Anonymous Coward · · Score: 5, Insightful

    This is barely a hack. I can steal any car in the world. Give me the keys, some gas, and park it in my drive way. Watch me steal it with ease! HA!

  5. Boot from Live CD? by neilobremski · · Score: 5, Insightful

    If you boot from a Live CD, since you have physical access to the machine, isn't it essentially the same thing? I'm confused about how this is a vulnerability.

    --
    -- NeilO
  6. Critical information missing by drsmithy · · Score: 3, Insightful

    There's a rather important aspect of this that's not discussed - how does this code get onto the computer in the first place to be executed during boot ?

  7. Re:I cannot believe it... by gnick · · Score: 5, Insightful

    OK, I'm not a Mac guy so I can say nothing about it. I've also not used Windows 7.

    But, really. If you give me physical access to damned near any Windows or Linux machine, it's owned. And there are a lot of people out there a helluva lot better then me.

    Sure, I won't be able to crack your encrypted archives. Nor your well-protected stored passwords. But hacking root/admin with physical access to the box isn't rocket science. Actually, it's much tougher with Vista than any Linux distro I've run into.

    --
    He's getting rather old, but he's a good mouse.
  8. The reason by kenp2002 · · Score: 4, Insightful

    ... the reason you are posting this article is to spread anti-microsoft hate and FUD for no reason.

    Why not post:

    With a gentoo install CD you can gain control of any linux system by overwriting key /etc/ files to give yourself root access unless you use encrypted drives...

    More useless propaganda from an MS-hater. I mean seriously, this is news? Next thing you'll post is the Windows 7 has a horrible exploit that crashes it every time you shoot the PC with a shot gun.

    Don't we have a NO FUD policy for articles?

    "Everyone is entitled to be stupid, but some abuse the privilege", as a result of this abuse, your Stupid License has been suspended for 60 days.

    --
    -=[ Who Is John Galt? ]=-
  9. Re:I cannot believe it... by DavidChristopher · · Score: 5, Insightful

    In the absence of physical security, taking over a vista, linux, mac os x or (insert vendor here) UNIX system is not difficult, providing you know the platform. No, the 'average gramma' can't do it, but most of us most likely can - with not much more than a google search and a quick download.

    I'm not a microsoft (or apple, or linux) fanboi by any means, but a system is only as secure as you actually make it. Disk encryption helps - it's a great idea - so I've honestly never met anyone who's used it.

    While this is certainly an interesting exploit, I doubt highly that many systems will be compromised in the wild with it.

    --
    http://www.bistolas.net
  10. Re:Physical access = root by paroneayea · · Score: 3, Insightful

    Linux boxes are rootable. They *should* be rootable. The only time they aren't are when you don't have control any more (because of DRM & etc). But then they are only Linux in as much as the Kernel goes, not as much as the kind of Linux that Linux users advocate. I've recovered a broken plenty of times by popping in a boot cd and chrooting it.

    The only time a system can be protected from this type of stuff is if it's encrypted. But then again, that's only protecting someone from accessing information you want to keep private, not protecting from reinstalling your operating system.

    --
    http://mediagoblin.org/
  11. Re:I cannot believe it... by gnick · · Score: 3, Insightful

    Yes - My first system breach (not counting MS systems that were completely unsecured - I mean actually circumventing security) in the wild was back in the early 90's - A university *nix system. The thing that made (makes) *nix such an easy target is that you can actually understand how it works. Windows is full of holes, but it's so frigging weird and hard to wrap your head around the bizarre OS that the casual cracker won't bother learning what's going on. If your only goal is to satisfy some childish desire to breach security and smugly toss your hands in the air and declare yourself an 31337 hacker (as was my case), Linux is the way to go.

    Agreed - Being able to understand your OS is indeed a feature for people living in Linux world.

    --
    He's getting rather old, but he's a good mouse.