Slashdot Mirror


Researchers Demo Exploits Bypassing UEFI Secure Boot

itwbennett writes "Researchers demonstrated at Black Hat this week two attacks that bypassed Secure Boot in order to install a UEFI bootkit — boot rootkit — on affected computers. The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said researcher Yuriy Bulygin, who works at McAfee. The second exploit demonstrated by the researchers can run in user mode, which means that an attacker would only need to gain code execution rights on the system by exploiting a vulnerability in a regular application like Java, Adobe Flash, Microsoft Office or others. In both cases, the exploits are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors." Of course, a hardware security system that is too complex to verify seems like a fatal flaw.
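The first attack class in the summary rests on vendors shipping firmware whose SPI flash is not locked against runtime writes. The script below is an added example (not code from the article, from the researchers, or from any product) showing how a defender can read and interpret the flash write-protect controls on an Intel platform. It assumes the LPC/eSPI bridge is PCI device 00:1f.0 and that its BIOS_CNTL register sits at config-space offset 0xDC with the bit layout from Intel PCH datasheets (bit 0 BIOSWE, bit 1 BLE, bit 5 SMM_BWP); those are assumptions about a chipset family, not facts from the page. The sample register values are constructed.

```python
"""Decode the Intel PCH BIOS_CNTL register and judge whether the SPI flash
holding the UEFI firmware is write-protected from code running outside SMM.

Assumptions (labelled): LPC/eSPI bridge at PCI 00:1f.0, BIOS_CNTL at config
offset 0xDC, bits as documented in Intel PCH datasheets. The sample bytes in
the __main__ block are constructed for illustration.
"""
from pathlib import Path

BIOS_CNTL_OFFSET = 0xDC
BIOSWE = 1 << 0   # BIOS Write Enable: 1 = flash writable from the host CPU
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes accepted only while in SMM


def decode_bios_cntl(value: int) -> dict:
    """Split the raw register byte into the three bits that matter here."""
    return {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }


def assess_write_protection(value: int) -> tuple[bool, list[str]]:
    """Return (protected, findings).

    'protected' means the OS-level attacker described in the article cannot
    simply turn the flash writable: the lock bit is set and SMM_BWP closes the
    window between setting BIOSWE and the SMI handler reacting to it.
    """
    bits = decode_bios_cntl(value)
    findings = []
    if bits["BIOSWE"]:
        findings.append("BIOSWE=1: flash is currently writable from the OS")
    if not bits["BLE"]:
        findings.append("BLE=0: BIOSWE can be set without any SMI, nothing enforces the lock")
    if not bits["SMM_BWP"]:
        findings.append("SMM_BWP=0: enforcement relies on the SMI handler alone, "
                        "which is weaker than the hardware gate SMM_BWP provides")
    return (not findings, findings)


def read_bios_cntl(config_path: str = "/sys/bus/pci/devices/0000:00:1f.0/config"):
    """Read the live register on Linux; returns None if it cannot be read.

    Unprivileged users only see the first 64 bytes of PCI config space, so a
    real check needs root. The path is an assumption about the platform.
    """
    try:
        data = Path(config_path).read_bytes()
    except OSError:
        return None
    if len(data) <= BIOS_CNTL_OFFSET:
        return None
    return data[BIOS_CNTL_OFFSET]


if __name__ == "__main__":
    samples = {}
    live = read_bios_cntl()
    if live is not None:
        samples["live register"] = live
    # Constructed values: writable, lock-only, and fully locked.
    samples.update({"constructed weak": 0x01,
                    "constructed BLE only": 0x02,
                    "constructed locked": 0x22})
    for label, v in samples.items():
        ok, why = assess_write_protection(v)
        print(f"{label}: 0x{v:02x} -> {'protected' if ok else 'NOT protected'}")
        for line in why:
            print("    ", line)
```

BIOS_CNTL is only one of the controls a careful platform sets; the flash descriptor and the SPI protected-range registers also matter, and a full audit (as the researchers' own tooling does) checks all of them. The point of the example is the reasoning: a platform whose firmware image can be rewritten by runtime code makes the Secure Boot policy it enforces irrelevant, which is exactly the implementation error the summary describes.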

6 of 100 comments

  1. Hence why UEFI should be dismissed by Nikademus · · Score: 4, Informative

    Hence why UEFI should be dismissed. If it's useless, just don't implement it, it's cheaper...

    --
    I gave up with the idea of a useful sig...
    1. Re:Hence why UEFI should be dismissed by Joining+Yet+Again · · Score: 3, Insightful

      That's like saying metal should be dismissed because one application is the building of nuclear bombs.

      UEFI's just a more modular/uniform sort of BIOS. Even the old 16-bit BIOSes could have had anti-competitive restrictions bolted on, but it wouldn't have been as easy to sell.

    2. Re:Hence why UEFI should be dismissed by v.dog · · Score: 3, Insightful

      Also, we should just get rid of the ignition keys for cars, since some of them can be hot-wired. On an unrelated note, whereabouts is your car?

      --
      Don't Panic.
  2. TPM is all you need. by boorack · · Score: 5, Informative

    UEFI was never intended to improve security. Along with Microsoft's extensions it was designed as a lock-in tool. Too bad we had to wait until it pops up everywhere just to realize it.

    1. Re:TPM is all you need. by Vanderhoth · · Score: 5, Interesting

      I don't know who this "we" you're talking about is. Every comment section for every article on UEFI and Secure Boot that was posted on /. was filled with commenters saying it was useless, would be bypassed within a year and was how MS was going to use it to lock average people into Windows. Followed by reams of MS shills saying it was only mandatory on ARM devices and it can be turned off on anything else. Followed by more posts of "Until MS requires it and it can't be turned off".

      So far to me it looks like things are playing out exactly as /. predicted. Looks like the next step will be for MS to just require it on everything, even though it doesn't work.

  3. Required in Windows 8; forbidden in Windows RT by tepples · · Score: 4, Interesting

    A method of disabling Secure Boot is required by the spec and by Microsoft.

    In Windows 8 (x86 and x86-64), it is required. In Windows RT, it is forbidden. And other comments on this topic speculate that Microsoft is likely to license Windows 10 like Windows RT in this respect.