Researchers Hack and Bypass Windows 8 UEFI Secure Book

rated by 0 users
This post has 4 Replies | 0 Followers

Top 10 Contributor
Posts 26,115
Points 1,184,285
Joined: Sep 2007
ForumsAdministrator
News Posted: Sun, Aug 4 2013 12:40 AM
When the hackers roll to Vegas, you know a good amount of exploits are going to surface. Defcon was on point this week in the Nevada desert, and here's yet another exploit that has piqued our interest. Researchers have discovered that the Windows 8 Secure Boot mechanism can be circumvented on PCs built by certain manufacturers. Why? Oversights in how those particular vendors implemented the Unified Extensible Firmware Interface (UEFI) specification.


Andrew Furtak, Oleksandr Bazhaniuk and Yuriy Bulygin were on hand to showcase their findings. Thankfully, due to the nature of the event, none of the specifics are shown; instead, companies are alerted so that fixes can be put in place before ill-willed hackers discover the same hacks. Here's a bit more on what went down:

"Secure Boot is a feature of the UEFI specification that only allows software components with trusted digital signatures to be loaded during the boot sequence. It was designed specifically to prevent malware like bootkits from compromising the boot process. According to the researchers, the exploits demonstrated at Black Hat are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors. The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said Bulygin who works at McAfee. The exploit is designed to modify the platform key -- the root key at the core of all Secure Boot signature checks -- but in order to work it needs to be executed in kernel mode, the most privileged part of the operating system."

As Asus VivoBook Q200E laptop was hacked on stage, but select Asus desktop motherboards are also impacted. Asus will obviously be releasing patches soon, as would any other company that has been found to be affected.
  • | Post Points: 65
Not Ranked
Posts 1
Points 5
Joined: Aug 2013
TyLer1 replied on Sun, Aug 4 2013 9:14 AM

wow they hack the lock off the book :)

  • | Post Points: 5
Not Ranked
Posts 54
Points 495
Joined: Jan 2012
zybch replied on Sun, Aug 4 2013 2:40 PM

So, Bulygin works at McAfee, who most likely have special access to a lot of the underlying OS stuff from both MS and PC vendors. How on earth is it ethical for him to release this info given this background?

Not that I care about the UEFI being circumvented at all, I just hate hypocrisy especially when it comes from a so-called 'security vendor' relating to a security mechanism that they now tell people how to overcome (or at the least, THAT it can be overcome).

  • | Post Points: 5
Top 50 Contributor
Posts 2,913
Points 24,635
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Mon, Aug 5 2013 10:32 AM

Physical access to device.. check..  secured using a standard that has been exploited before.. check.. This is no different than rooting and unlocking the bootloader on an android device or jailbreaking an iPhone.. nothing 'new' to see here.

  • | Post Points: 5
Top 500 Contributor
Posts 171
Points 1,150
Joined: Jul 2013

hahaha very funny

  • | Post Points: 5
Page 1 of 1 (5 items) | RSS