Security researchers have demonstrated that it is possible for attackers to bypass the Windows 8 Secure Boot mechanism and modify the code for enforcing Secure Boot.

Secure Boot is a feature of the unified extensible firmware interface (UEFI) specification which allows trusted software components to be loading during the boot sequence. The UEFI looks for trusted digital signatures to avoid malware from loading during the boot process.

At the Black Hat hacker conference in Las Vegas earlier this week, security researchers Andrew Furtak, Oleksandr Bazhaniuk and Yuriy Bulygin demonstrated two ways to bypass the Secure Boot in order to install a boot rootkit on a target computer.

They said the exploit was possible not because of flaws in the Secure Boot itself but because vendors that implemented the UEFI committed errors in their implementation.

The first exploit works if vendors do not properly protect their firmware. The exploit is designed to modify the platform key. In order to work, the exploit needs to be executed in kernel mode.


Apple moves to thwart iPhone charger hack
Linux files complaint against Windows 8

The second exploit ran in user mode. This means that an attacker only needs to gain code execution rights on the system by exploiting a vulnerability in applications such as Adobe, Flash, Java or Microsoft Office.

Bulygin said Secure Boot is still a big step forward in computer security since in order to install boot kits now attackers need to first identify a vulnerability that would allow them to bypass Secure Boot.

Microsoft said it is now working with partners to “help ensure that secure boot delivers a great security experience for customers.”

Read the whole story here

Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO
Cybersecurity Conversations with your Board – A Survival Guide
Download Now