Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 8 Secure Boot Defeated

Posted by samzenpus on from the what-took-so-long? dept.

jhigh writes "An Austrian security researcher is scheduled to release the first 'bootkit' for Windows 8 at the upcoming MalCon in Mumbai. This exploit loads in the MBR and stays memory resident until Windows loads, resulting in root access to the system. This allegedly defeats the new secure boot features in Windows 8's bootloader."

7 of 205 comments (clear)

  1. Secure boot is UEFI by Anonymous Coward · · Score: 5, Interesting

    Secure Boot is a UEFI feature, not Windows one. The article makes no reference to UEFI whatsoever - and it offers no explanation either for what mechanic was actually defeated. I do doubt the integrity of the article ARS is using.

    1. Re:Secure boot is UEFI by makomk · · Score: 4, Interesting

      Secure Boot is a Windows feature building on a UEFI feature. If I'm understanding it correctly, every stage in the chain needs to be secure in order for the boot to actually be secure - a security flaw in either the UEFI firmware or the Windows code could render it ineffective.

    2. Re:Secure boot is UEFI by 0123456 · · Score: 2, Interesting

      Don't forget DRM: this way Microsoft can ensure that you can't install drivers or other software that can break the DRM system. Only a signed OS runs, only signed drivers run, eventually only signed applications from the Windows App Store run.

    3. Re:Secure boot is UEFI by cbhacking · · Score: 4, Interesting

      The funny thing is, this kind of thing is exactly the reason *for* Secure Boot (the non-conspiracy one, not the one that Slashdot is typically talking about). If you're using UEFI and you can verify a chain of trust, then you don't have boot sector malware. The fact that boot sector malware is possible on Win8 if you're NOT USING UEFI (because you're using an MBR) is not only obvious, it's the problem that Secure Boot is supposed to prevent.

      I wonder, among the peoople who tagged this "irony", how many actually ahve the right of it. The only irony in the situation is that Slashdot is so rabidly opposed to the idea that a headline which is factually incorrect (blatantly obviously so) is posted because it is compatible with the popular bias, despite having no basis in the technology that we nerds supposedly understand.

      That all said, there are certainly valid concerns about Secure Boot. It's entirely possible that they outweigh the value of making malware like this impossible. You should know what you're up against when you argue your case, though.

      --
      There's no place I could be, since I've found Serenity...
  2. UEFI doesn't have MBR by Manip · · Score: 5, Interesting

    Uhh UEFI literally has no MBR, it doesn't exist. So please explain to me how this exploit functions when the MBR doesn't exist? I think he is booting his drives in the wrong mode, which is to say legacy MBR mode instead of ADAPI/UEFI mode.

  3. Back in the 1980's by ackthpt · · Score: 4, Interesting

    We saw all the tricks people employed to copy-protect games on the C64. Most of them were pretty weak. The most effective I recall were the methods which spread out their information gathering throughout the boot process. This prevented someone trying to break copy protection from easily identifying the part of code where the detection was executed. If Microsoft gathered information, throuhout the boot process it could easily assemble some sort of checksum to check the boot sector and identify if it wasn't genuine. Does it take more than 30 years to figure this sort of thing out?

    --

    A feeling of having made the same mistake before: Deja Foobar
  4. Re:Could open your system up to malware like Linux by hairyfeet · · Score: 5, Interesting

    Actually it doesn't have a damned thing to do with linux and everything to do with pirates. if you look on any BT site you'll find "Windows 7 all versions pre activated" which passes WGA and has for nearly two years. it does this by running a bootloader that fakes an OEM signature so MSFT would have to kill the keys for the major OEMs thus causing more than a little shitstorm from all those that bought win 7 PCs and suddenly were told they are pirates.

    So despite all the bullshit from MSFT that it was about security, and despite all the FOSSies screaming "Its a plot to kill Linux!" in actuality it was just MSFT playing whack a mole with the pirates and yet again losing.

    . The sad part was they HAD the cure for piracy in the west, I saw with my own two eyes as many pirates which had NEVER paid for Windows suddenly were running legit. i'm of course talking about the Win 7 HP $50 upgrade. When they killed that suddenly the local CL was filled with $100 PCs with $300 Windows installs. Just more proof Ballmer is as shitty a CEO as the Pepsi guy was for Apple.

    --
    ACs don't waste your time replying, your posts are never seen by me.