Tuesday, 25 September 2012

Windows 8 Bootkit

UEFI Technology: Say Hello to the Windows 8 Bootkit!

Writing a bootkit couldn't be an easier task for virus writers with the UEFI framework available, much easier than before when they needed to code in pure assembly.
ITSEC director Marco Giuliani sounds less than impressed by the security of the Windows 8 kernel, specifically its porting of the legacy BIOS firmware and Master Boot Record (MBR) into the new Unified Extensible Firmware Interface (UEFI), first fully supported by Microsoft in 64-bit Windows 7. Here he is referring to the fact that UEFI provides a C development environment option, whereas assembly language skills were mandatory for VXers in BIOS days.
This isn't the first Windows 8 bootkit to emerge. Last year, Vienna-based Peter Kleissner's Stoned and Stoned Lite proved the concept of loading boot malware from a USB or CD drive on older machines. However, these kits didn't circumvent UEFI. Now that this has been shown to be trivial, the only remaining line of defence is to enable Secure Boot by default - an option which many critics complain could limit or even prevent the installation of such alternatives as Linux and FreeBSD.
