When the hackers roll to Vegas, you know a good amount of exploits are going to surface. Defcon was on point this week in the Nevada desert, and here's yet another exploit that has piqued our interest. Researchers have discovered that the Windows 8 Secure Boot mechanism can be circumvented on PCs built by certain manufacturers. Why? Oversights in how those particular vendors implemented the Unified Extensible Firmware Interface (UEFI) specification.

Andrew Furtak, Oleksandr Bazhaniuk and Yuriy Bulygin were on hand to showcase their findings. Thankfully, due to the nature of the event, none of the specifics are shown; instead, companies are alerted so that fixes can be put in place before ill-willed hackers discover the same hacks. Here's a bit more on what went down:

"Secure Boot is a feature of the UEFI specification that only allows software components with trusted digital signatures to be loaded during the boot sequence. It was designed specifically to prevent malware like bootkits from compromising the boot process. According to the researchers, the exploits demonstrated at Black Hat are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors. The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said Bulygin who works at McAfee. The exploit is designed to modify the platform key -- the root key at the core of all Secure Boot signature checks -- but in order to work it needs to be executed in kernel mode, the most privileged part of the operating system."

An Asus VivoBook Q200E laptop was hacked on stage, but select Asus desktop motherboards are also impacted. Asus will obviously be releasing patches soon, as would any other company that has been found to be affected.

wow they hack the lock off the book :)


So, Bulygin works at McAfee, who most likely have special access to a lot of the underlying OS stuff from both MS and PC vendors. How on earth is it ethical for him to release this info given this background?

Not that I care about the UEFI being circumvented at all, I just hate hypocrisy especially when it comes from a so-called 'security vendor' relating to a security mechanism that they now tell people how to overcome (or at the least, THAT it can be overcome).


Physical access to device.. check..  secured using a standard that has been exploited before.. check.. This is no different than rooting and unlocking the bootloader on an Android device or jailbreaking an iPhone.. nothing 'new' to see here.


hahaha very funny