Attack On Titan

It’s debatable just how useful Secure Boot is for end users, but now there’s yet another issue with Secure Boot, or more specifically, a trio of signed bootloaders. Researchers at Eclypsium have identified problems in the Eurosoft, CryptoPro, and New Horizon bootloaders. In the first two cases, a way-too-flexible UEFI shell allows raw memory access. A startup script doesn’t have to be signed, and can easily manipulate the boot process at will. The last issue is in the New Horizon Datasys product, which disables any signature checking for the rest of the boot process — while still reporting that secure boot is enabled. It’s unclear if this requires a config option, or is just totally broken by default.

The real issue is that if malware or an attacker can get write access to the EFI partition, one of these signed bootloaders can be added to the boot chain, along with some nasty payload, and the OS that eventually gets booted still sees Secure Boot enabled. It’s the perfect vehicle for really stealthy infections, similar to CosmicStrand, the malicious firmware we covered a few weeks ago.
Continue reading “This Week In Security: Secure Boot Bypass, Attack On Titan M, KASLR Weakness” →

Hackaday

1 Articles

This Week In Security: Secure Boot Bypass, Attack On Titan M, KASLR Weakness

Search

Never miss a hack

If you missed it

Remembering Peter Higgs And The Gravity Of His Contributions To Physics

Chandra X-ray Observatory Threatened By Budget Cuts

In A Twist, Humans Take Jobs From AI

Heating Mars On The Cheap

Where Graph Theory Meets The Road: The Algorithms Behind Route Planning

Our Columns

Retrotechtacular: The Other Kind Of Fallout Show

Logic Analyzers: Decoding And Monitoring

Hackaday Links: April 14, 2024

Hackaday Podcast Episode 266: A Writer’s Deck, Patching Your Battleship, And Fact-Checking The Eclipse

This Week In Security: BatBadBut, DLink, And Your TV Too

Search

Never miss a hack

Subscribe

If you missed it

Our Columns