Researchers Demo Exploits Bypassing UEFI Secure Boot

itwbennett writes "Researchers demonstrated at Black Hat this week two attacks that bypassed Secure Boot in order to install a UEFI bootkit — boot rootkit — on affected computers. The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said researcher Yuriy Bulygin, who works at McAfee. The second exploit demonstrated by the researchers can run in user mode, which means that an attacker would only need to gain code execution rights on the system by exploiting a vulnerability in a regular application like Java, Adobe Flash, Microsoft Office or others. In both cases, the exploits are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors." Of course, a hardware security system that is too complex to verify seems like a fatal flaw.

Re:Hence why UEFI should be dismissed

[Joining Yet Again]

That's like saying metal should be dismissed because one application is the building of nuclear bombs.

UEFI's just a more modular/uniform sort of BIOS. Even the old 16-bit BIOSes could have had anti-competitive restrictions bolted on, but it wouldn't have been as easy to sell.

Re:Hence why UEFI should be dismissed

[v.dog]

Also, we should just get rid of the ignition keys for cars, since some of them can be hot wired. On an unrelated note, whereabouts is you car?

Switching to competitor requires a competitor

[tepples]

Good luck finding new "machines which cannot run the Secure Boot feature" at an affordable price once virtually every name-brand home PC not made by Apple ships with Secure Boot turned on in Windows-only mode. The last time GNU/Linux had a reasonable chance to ship on home PCs was netbooks, and Microsoft quickly killed that by offering deeply discounted Windows XP licenses for ULCPCs.