Present at Black Hat 2013 in Las Vegas, Andrew Furtak, Oleksandr Bazhaniuk and Yuriy Bulygin have demonstrated two attack methods that can be used to bypass the Secure Boot in an effort to install a UEFI bootkit, PCWorld reports.One of the attack techniques relies on security holes in the device?s firmware. However, in this case, the exploit that alters the code responsible for enforcing the Secure Boot mechanism needs to be launched in kernel mode.
This makes the attack more difficult to pull off because cybercriminals would need to find a way to execute code in the part of the OS that has the most privileges.
This exploit method was reported to impacted vendors, one of which is Asus, around one year ago. The company has released some BIOS updates, but products such as the VivoBook laptop ? on which the experts have made their presentation ? are still vulnerable.
The second method is not as limited. Cybercriminals can leverage it to bypass Secure Boot simply by using vulnerabilities in common applications such as Microsoft Office, Java or Adobe Flash.
Since the exploited security holes have been discovered only recently, the experts haven?t named any of the impacted vendors and they haven?t provided any technical details regarding the attacks.
While security experts from all around the world try to find ways to bypass Secure Boot, Bulygin admits that the system is an important step forward in keeping computers bootkit free.
Sasha McHale Boy Meets World elizabeth taylor cam newton FedEx Gabriel Aubry cyber monday deals
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.