Researchers demo exploits that bypass Windows 8 Secure Boot - holcombwhopribed

The Windows 8 Secure Boot mechanism can be bypassed on PCs from certain manufacturers because of oversights in how those vendors implemented the Unified Extensible Firmware Interface (UEFI) specification, according to a team of security researchers.

The researchers Andrew Furtak, Oleksandr Bazhaniuk and Yuriy Bulygin demonstrated Wednesday at the Black Hat USA security conference in Las Vegas two attacks that bypassed Secure Boot in order to install a UEFI bootkit (boot rootkit) on affected computers.

Secure Boot is a feature of the UEFI specification that only allows software components with trusted digital signatures to be loaded during the boot sequence. It was designed specifically to prevent malware like bootkits from compromising the boot process.

According to the researchers, the exploits demonstrated at Black Hat are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors.

The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said Bulygin, who works at McAfee.

The exploit is designed to modify the platform key, the root key at the core of all Secure Boot signature checks, but in order to work it needs to be executed in kernel mode, the most privileged part of the operating system.

This somewhat limits the attack because a remote attacker would first have to find a way to execute code in kernel mode on the targeted computer.

The researchers demonstrated their kernel-mode exploit on an Asus VivoBook Q200E laptop, but some Asus desktop motherboards are also affected according to Bulygin.

Asus released BIOS updates for some motherboards, but not for the VivoBook laptop, the researcher said. He believes that more VivoBook models might be vulnerable.

Asus did not respond to a request for comment sent Thursday.

Various means of attack

The second exploit demonstrated by the researchers can run in user mode, which means that an attacker would only need to gain code execution rights on the system by exploiting a vulnerability in a regular application like Java, Adobe Flash, Microsoft Office or others.

The researchers declined to reveal any technical details about the second exploit or to name the vendors whose products are affected by it because the targeted vulnerability was discovered recently.

The issue that makes the kernel-mode exploit possible was discovered and reported to the affected platform vendors over a year ago, Bulygin said. At some point, after enough time has passed, the public needs to know about it, he said.

Several other issues that can be used to bypass Secure Boot have also been identified and their disclosure is being coordinated with Microsoft and the UEFI Forum, the industry standard body that manages the UEFI specification, Bulygin said.

"Microsoft is working with partners to help ensure that secure boot delivers a great security experience for our customers," Microsoft said Thursday in an emailed statement.

Despite these vendor implementation problems, Secure Boot is still a huge step forward, Bulygin said. To install bootkits now, attackers first need to find a vulnerability that would allow them to bypass Secure Boot, while on legacy platforms there was nothing to stop them, he said.

Source: https://www.pcworld.com/article/453182/researchers-demo-exploits-that-bypass-windows-8-secure-boot.html

Posted by: holcombwhopribed.blogspot.com
