Windows 8 Secure Boot Defeated

← Back to Stories (view on slashdot.org)

Windows 8 Secure Boot Defeated

Posted by samzenpus on Thursday November 17, 2011 @08:45AM from the what-took-so-long? dept.

jhigh writes "An Austrian security researcher is scheduled to release the first 'bootkit' for Windows 8 at the upcoming MalCon in Mumbai. This exploit loads in the MBR and stays memory resident until Windows loads, resulting in root access to the system. This allegedly defeats the new secure boot features in Windows 8's bootloader."

14 of 205 comments (clear)

Min score:

Reason:

Sort:

Could open your system up to malware like Linux by elrous0 · 2011-11-17 08:45 · Score: 5, Funny

But if the Windows bootloader integrity is compromised, we could all end up infected with Ubuntu, Debian, FreeBSD--god only knows what!
Won't someone PLEASE think of the children?!?!?

--
SJW: Someone who has run out of real oppression, and has to fake it.
1. Re:Could open your system up to malware like Linux by Anonymous Coward · 2011-11-17 08:50 · Score: 5, Funny
  
  That's what Edubuntu's for.
2. Re:Could open your system up to malware like Linux by hairyfeet · 2011-11-17 13:18 · Score: 5, Interesting
  
  Actually it doesn't have a damned thing to do with linux and everything to do with pirates. if you look on any BT site you'll find "Windows 7 all versions pre activated" which passes WGA and has for nearly two years. it does this by running a bootloader that fakes an OEM signature so MSFT would have to kill the keys for the major OEMs thus causing more than a little shitstorm from all those that bought win 7 PCs and suddenly were told they are pirates.
  So despite all the bullshit from MSFT that it was about security, and despite all the FOSSies screaming "Its a plot to kill Linux!" in actuality it was just MSFT playing whack a mole with the pirates and yet again losing.
  . The sad part was they HAD the cure for piracy in the west, I saw with my own two eyes as many pirates which had NEVER paid for Windows suddenly were running legit. i'm of course talking about the Win 7 HP $50 upgrade. When they killed that suddenly the local CL was filled with $100 PCs with $300 Windows installs. Just more proof Ballmer is as shitty a CEO as the Pepsi guy was for Apple.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
Secure boot is UEFI by Anonymous Coward · 2011-11-17 08:48 · Score: 5, Interesting

Secure Boot is a UEFI feature, not Windows one. The article makes no reference to UEFI whatsoever - and it offers no explanation either for what mechanic was actually defeated. I do doubt the integrity of the article ARS is using.
1. Re:Secure boot is UEFI by Anonymous Coward · 2011-11-17 08:52 · Score: 5, Funny
  
  >>I do doubt the integrity of the article ARS is using.
  Are you suggesting that ARS was compromised?
2. Re:Secure boot is UEFI by Anomalyst · 2011-11-17 09:29 · Score: 5, Funny
  
  a security flaw in either the UEFI firmware or the Windows code could render it ineffective.
  Let's get real, what are the odds of a flaw in Windows code?
  
  --
  There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
3. Re:Secure boot is UEFI by cvtan · 2011-11-17 09:42 · Score: 5, Funny
  
  No. They just got it ARS backwards.
  
  --
  Sorry, but gray text on gray background is making my eyes bleed.
4. Re:Secure boot is UEFI by afidel · 2011-11-17 09:56 · Score: 5, Informative
  
  You are correct, this is just an update of his previous exploit against other Windows versions, it only works with legacy BIOS, not against EUFI with secure boot. The story over at ARS has been updated.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Horray! by Tyrannosaur · 2011-11-17 08:51 · Score: 5, Funny

Finally a jailbreak for the desktop! I was tired of using locked-down hardware! I will now run a jailbroken desktop exclusively.
UEFI doesn't have MBR by Manip · 2011-11-17 08:52 · Score: 5, Interesting

Uhh UEFI literally has no MBR, it doesn't exist. So please explain to me how this exploit functions when the MBR doesn't exist? I think he is booting his drives in the wrong mode, which is to say legacy MBR mode instead of ADAPI/UEFI mode.
From the "What took so long?" Department.... by apcullen · 2011-11-17 08:53 · Score: 5, Funny

This would have been solved sooner if Modern Warfare 3 hadn't been released last week...
Not broken by BitZtream · 2011-11-17 08:59 · Score: 5, Informative

I thought the point to the UEFI secure boot thing was that the UEFI wouldn't boot without the MBR and remainder of the boot blocks being properly digitally signed.
Unless someone broke the digital signature system or found a flaw in the implementation, this sounds more like working as intended.
The article also seems to think that the boot loader is supposed to be encrypted for some silly reason.
Seems pretty clear that the article doesn't understand how it works, so its hard to imagine theres much truth in it. If you tell the UEFI to ignore digital signatures on the boot loader then yes, it has been compromised ... cause you turned it off. Intentionally turning it off doesn't count as breaking it guys, sorry.
If there was a claim of a flaw in the UEFI Secure boot implementation or design, then I'd listen, but the fact that its being called a windows exploit when it occurs before Windows has been started kinda sets off signal flares, ya know?

--
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Misleading title, Secure Boot not defeated by davidwr · 2011-11-17 09:28 · Score: 5, Insightful

Without a UEFI computer that is configured to boot only signed boot-loaders, this is not a valid test of the Secure Boot technology.
Basically, this is a case of "of course it works that way in this scenario, it's supposed to."

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This is disgraceful by amliebsch · 2011-11-17 12:31 · Score: 5, Informative

Seriously, hello, editors? Is anybody home? This post is 100% false. The very subject of this story has tweeted:

No it's not attacking UEFI or secure boot, right now working with the legacy BIOS only (details will be in the paper)
Do the words "reckless disregard for the truth" have any meaning to you?

--
If you don't know where you are going, you will wind up somewhere else.