Secure Boot Very Broken

Liste des GroupesRevenir à csipg action 
Sujet : Secure Boot Very Broken
De : spallshurgenson (at) *nospam* gmail.com (Spalls Hurgenson)
Groupes : comp.sys.ibm.pc.games.action
Date : 28. Jul 2024, 05:39:13
Autres entêtes
Message-ID : <dhhbaj9j7o9rld5tg1qp44jkdi3111g303@4ax.com>
User-Agent : Forte Agent 2.0/32.652
Not really a computer game issue, but it /is/ computer related so I'll
post this here anyway. ;-)


"Secure Boot", first released a decade ago, was supposed to hearken a
new age of security for users. It was supposed to create an
unbreakable foundation on which all other security methods would be
built. With SecureBoot, you could be sure that there was no way for a
rootkit to bypass the OS, because OS and BIOS would create an
unbreakable handshake. Thanks to secure hardware keys, so long as
SecureBoot was enabled, nothing could subvert the core OS functions.

But, as with a lot of security, it depends heavily on using strong
cryptographic keys through which the communications between operating
system and hardware could be safely transmitted. Unfortunately, for a
lot of devices, a secure cryptographic key is /not/ what was used.

Instead, a short (4 character) key was used instead. A key so insecure
a 386 probably could break it in seconds. Modern malware, using modern
processors, could subvert it so fast it isn't even worth timing it.

The key itself was provided to hardware manufacturers as a test key.
Despite including the word "AMI Test PK" (public key) and "DO NOT
TRUST", it was embedded into the BIOS of at /least/ 300 device models,
from manufacturers include Acer, Intel, Gigabyte, Aopen, Lenove, HP
and Dell. This means that any security that relies on SecureBoot
(which pretty much includes any Windows machine since 2012) isn't very
secure at all. Everything from HTTPS to Bitlocker is vulnerable now.

How much more vulnerable this makes the average end-user is debatable.
There are a lot of ways to get access to the average computer that
don't require subverting SecureBoot, after all (easiest is just to act
as if you're trustworthy person and tell them to download some malware
;-). But there are institutions which rely on secure hardware - banks,
for instance, or vital infrastructure- and these have just become a
lot more hackable.

If you're interested in seeing if your machine is vulnerable, open a
Powershell command prompt (using administrator access) and enter the
following command (all one line):


[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI PK).bytes)
-match "DO NOT TRUST|DO NOT SHIP"


If it returns false, your PC isn't using the vulnerable key. If true,
then you'll want to check for a BIOS update. Assuming there is one;
most manufacturers have washed their hands of the issue, claiming that
since the affected boards are no longer being sold, it's not their
problem.

(depending on your BIOS, there may also be ways to reset the key
yourself. Figuring out how to do that is an exercise left to the
reader ;-)

Again, this isn't a reason for the average user to panic; most
day-to-day hackers aren't going to be using this method to crack into
your PCs. But if you were thinking that you needn't worry about
somebody accessing your files if you lost your laptop, well... you may
not be as protected as you think.


Read more here:
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/




Date Sujet#  Auteur
28 Jul 24 * Secure Boot Very Broken5Spalls Hurgenson
28 Jul 24 `* Re: Secure Boot Very Broken4JAB
28 Jul 24  `* Re: Secure Boot Very Broken3Spalls Hurgenson
29 Jul 24   +- Re: Secure Boot Very Broken1JAB
29 Jul 24   `- Re: Secure Boot Very Broken1JAB

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal