DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

Security researchers discover ways to install UEFI bootkit

Posted on Sunday, August 04 2013 @ 15:31:13 CEST by


At the Black Hat USA security conference, a team of security researchers demonstrated how flaws in some PC manufacturers' UEFI implementations enable attackers to bypass Windows 8 Secure Boot. Researchers Andrew Furtak, Oleksandr Bazhaniuk and Yuriy Bulygin showed off two attacks at the conference that enable the installation of UEFI rootkits on affected computers.

The first attack is somewhat limited because attackers first need to gain kernel-mode access on the targeted computer. The exploit was demonstrated on an ASUS VivoBook Q200E, but according to Bulygin some ASUS motherboards, and likely other VivoBooks, are also affected. ASUS reportedly released BIOS updates for some motherboards, but not for the VivoBook notebook.

Also shown off was a more dangerous vulnerability that can infect a vulnerable computer from regular user mode, meaning an attacker would only need to abuse a remote code execution exploit in a program like Microsoft Office, Adobe Flash, Adobe Reader or Java in order to install the UEFI bootkit. Neither technical details about the second exploit nor details of affected products were disclosed because the vulnerability is a recent discovery. Bulygin explained that the kernel-mode exploit was made public because the affected platform vendors were made aware of the exploit over a year ago.
Several other issues that can be used to bypass Secure Boot have also been identified and their disclosure is being coordinated with Microsoft and the UEFI Forum, the industry standard body that manages the UEFI specification, Bulygin said.

“Microsoft is working with partners to help ensure that secure boot delivers a great security experience for our customers,” Microsoft said Thursday in an emailed statement.

Despite these vendor implementation problems, Secure Boot is still a huge step forward, Bulygin said. To install bootkits now, attackers first need to find a vulnerability that would allow them to bypass Secure Boot, while on legacy platforms there was nothing to stop them, he said.
Full details at PC World.



 



 
