Search This Blog


Tuesday, August 6, 2013

Windows 8 Secure Boot bypassed thanks to sloppy OEM implementation

With the launch of Windows 8 in 2012, Microsoft also put in a new secure boot system  in the OS that was not only supposed to be faster than previous versions of Windows but much more secure. Last week, researchers at the Black Hat conference in Las Vegas demonstrated two exploits that could allow hackers to bypass the Secure Boot system in order to install an Unified Extensible Firmware Interface (UEFI) bootkit.
In theory, UEFI PCs can only boot up software that have the proper digital signatures to prevent malware from being booted up as well, as shown in the above diagram. reports that the the researchers (Andrew Furtak, Oleksandr Bazhaniuk and Yuriy Bulygin) showed their two exploits were able to work not because of issues with the Secure Boot setup but because PC vendors have made errors in their own implementation of UEFI.
One problem was that some OEMs don't protect their firmware well enough, which allowed the research team to modify the code for the Secure Boot enforcement in an Asus VivoBook Q200E laptop. The other exploit can run in user mode which could lead hackers to bypass Secure Boot using flaws in Flash, Java or even Microsoft Office.
The specific details of both exploits were not revealed during the conference, but the research team has informed Microsoft and other OEMs about the software holes. In a statement, Microsoft said simply that it is, "... working with partners to help ensure that secure boot delivers a great security experience for our customers."

No comments:

Post a Comment

wibiya widget

Disqus for Surut Shah

Web Analytics