Email or username:

Password:

Forgot your password?
Dan's posts Post Back to profile
Dan Goodin

In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted up. From there, it could remain immune to detection and removal and could load even before the OS and security apps did.

To this day, key players in security—among them Microsoft and the US National Security Agency—regard Secure Boot as an important, if not essential, foundation of trust in securing devices in some of the most critical environments, including in industrial control and enterprise networks.

On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.

The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

“It’s a big problem,” said Martin Smolár, a malware analyst specializing in rootkits who reviewed the Binarly research and spoke to me about it. “It’s basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically… execute any malware or untrusted code during system boot. Of course, privileged access is required, but that’s not a problem in many cases.”

arstechnica.com/security/2024/

25 July at 18:10 | Open on infosec.exchange
42 comments
Steve Zakulec

@dangoodin Hi Dan, the PowerShell command in the article has an error- GFD in the comments has the right one. Enjoyed the article a lot.

25 July at 18:43 | Open on infosec.exchange
Rachel Rawlings

@dangoodin File under "News that makes people want to retire and raise chickens, until they remember bird flu."

25 July at 18:49 | Open on mastodon.social
Central Illumination Agency

@dangoodin Computers were a mistake, pt. 83,517

25 July at 19:05 | Open on chaos.social
Rairii

@dangoodin oh, good thing I publicly backed up those github repos last year when I found them archive.org/details/aaeon-uefi-firmware-git-repos

25 July at 19:33 | Open on social.nano.lgbt
Kyle Brown

@dangoodin wasn’t this literally the plot of “Red Team Blues” by @pluralistic?

25 July at 19:42 | Open on mstdn.social
RalfMaximus

@dangoodin

> Of course, privileged access is required, but that’s not a problem in many cases.”

Doesn't that make it an "already past the air lock" kind of attack?

Like, a privileged user would have to knowingly execute a link or file while ignoring all the anti-malware warnings thrown up by the o/s. Windows UAC would stop this, assuming the user is paying attention, right?

What am I missing?

25 July at 19:47 | Open on mastodon.social
Dan Goodin

@ralfmaximus

You're missing the fact that the sole reason for Secure Boot is to protect against post-exploit attacks that infect the pre-boot firmware.

25 July at 19:58 | Open on infosec.exchange
RalfMaximus

@dangoodin

Honest question, promise I'm not trolling: again, how would an attack in the wild occur using the compromised key?

I've got Windows Defender, UAC, and Malwarebytes running. I try to install an infected firmware update via its exe. One or all 3 of those tools should intercept the attempt.

If I ignore the warning(s) and proceed to install compromised firmware, that's on me at that point. Right?

25 July at 20:05 | Open on mastodon.social
Zoarial94 :donor:

@ralfmaximus @dangoodin Sorry, I answered a question you didn't even ask in my last post. Such a low-level attack would probably mean that you are a person of interest. It's probably the kind of thing where a state sponsored actor would use zero-days to get installed. But also, yes, there are people who are willing to bypass everything or turn off an anti-virus to install cheat software or whatever else they think they're installing.

25 July at 20:57 | Open on infosec.exchange
Zoarial94 :donor:

@ralfmaximus @dangoodin It's also a good thing to have defense in-depth. Considering that all software can be compromised, you want as many layers as possible. You would hope that there is another level of security preventing the motherboard firmware from being compromised if the OS is compromised as well.

25 July at 20:59 | Open on infosec.exchange
J. "Henry" Waugh

@ralfmaximus @dangoodin all three have been bypassed multiple times over the years, and installed a variety of rootkits on millions of systems to create e.g. botnet networks

There have also been various other Windows API and kernel driver flaws where the malicious software evaded their scans, which are typically "event driven"

Now imagine a rootkit where a secure erase of the disk and clean Windows reinstall would not remove it...

25 July at 21:01 | Open on chaos.social
Bench Mark

@ralfmaximus There have been many attacks where none of those protections worked.

I read in the German-language "c't" published by @heiseonline that Secure Boot was poorly designed.

25 July at 21:21 | Open on wien.rocks
Farce Majeure

@ralfmaximus @dangoodin with PKpriv you can sign updates to the trust databases and (for example) install your own bootloader that backdoors everything.

26 July at 1:07 | Open on better.boston
Geldaran

The fact that there careless and/or overworked people at all levels of IT? Or ones badgered into giving admin access to users who are completely unqualified to have it? Or that there are privilege elevation vulnerabilities that could be layered with this?

Our defenses are done in layers in the hopes that getting through one doesn't give them the keys to the castle, but when something this fundamental gets screwed up by careless bullshit from a huge vendor? It makes me wonder why we bother.

25 July at 19:59 | Open on kind.social
Raj Naghee Reddy

@ralfmaximus @dangoodin I think the concern is that businesses/orgs might simply “re-image” the compromised machine (usually means just wipe and re-install the OS) and move on. Until now, people mostly trusted that the Secure Boot stuff would protect them from a BIOS level persistence. (Even the most diligent of companies might have machines that are yet to be patched or must run an older browser version etc.)

25 July at 20:04 | Open on mastodon.social
DELETED

@dangoodin

Microsoft should be investigated as a criminal russian front

25 July at 19:53 | Open on kolektiva.social
Morten Hilker-Skaaning

@dangoodin so something that's essentially is only slightly less important than the nuclear launch codes is protected by.. <checks notes>.. "clown farts"?

25 July at 19:55 | Open on mastodon.gamedev.place
LisPi
@dangoodin @cstross Will we finally start getting rid of platform keys and having users provision their own?

That'd be nice. There's no reason to trust the corposcum not to sign malware for state surveillance agencies.
25 July at 20:04 | Open on udongein.xyz
Aracnus
Shadow06
Dan Goodin

@shadow06

You don't have a single friend or family member who is unable to follow your advice?

25 July at 21:21 | Open on infosec.exchange
Shadow06

@dangoodin

Unable no. Unwilling, yes.

I'm done coddling. People can change a tire, harvest their own food, crochet a wedding dress, but not be independent online? Terrible excuses abound.

The only credit I give them is the speed at which everything has changed. I blame technologists for having 0 social skills.

26 July at 14:17 | Open on mastodon.social
Michael Kohne

@dangoodin Can we just go back to masked ROM, please? When the BIOS couldn't be flashed in the field, it also couldn't be compromised in the field.

25 July at 20:39 | Open on mastodon.social
:gnu:Hacker

@dangoodin That was close. My motherboard is MSI.

25 July at 20:45 | Open on masto.es
GhostOnTheHalfShell
Phil Stevens

@dangoodin Phew. My laptop is from 2017.

25 July at 22:14 | Open on mastodon.nz
Dan Goodin

@phil_stevens

The keys started propagating in 2012.

25 July at 22:58 | Open on infosec.exchange
Phil Stevens

@dangoodin I know..that was sarcasm. I did check my bootloader, though.

25 July at 23:48 | Open on mastodon.nz
Coffeetest

@dangoodin I remember arguing with someone about this way back. I am not sure why I was so opposed back then but this result doesn't surprise me. IIRC maybe I was sure this was just a way to try and lock out unapproved OSs i.e. Linux but to be honest I can't recall.

The augment against me was like "but but but security!!!!!!1!!1!"

25 July at 22:17 | Open on infosec.exchange
DelegateVoid

@dangoodin For those looking for the command on Linux: you must first install the eftools package

`sudo apt-get install efitools`
`efi-readvar -v PK`

26 July at 1:50 | Open on mastodon.gamedev.place
NicknamesOfGod

@dangoodin That's what I call Security Theater. It's not about actually securing anything; it's just about appearing to done so. Also: how bad a week is Intel having, eh?

26 July at 2:14 | Open on mastodon.social
Eric Dubé

@dangoodin I'm starting to feel something of this severity is coming to surface on a weekly basis lately.

26 July at 2:48 | Open on mastodon.social
Latte macchiato :blobcoffee: :ablobcat_longlong:

@dangoodin@infosec.exchange Have these "industry-wide secret keys" ever worked? It's always some dumb stuff like this in the end ​:floofWoozy:​

26 July at 5:08 | Open on plasmatrap.com
Christian Berger DECT 2763

@dangoodin Well it's "Secure Boot". The security it's meant to provide is for business models, not for user data. So as a user I couldn't care less.

26 July at 5:38 | Open on f-ckendehoelle.de
DELETED
Jonas

@dangoodin
I'm not sure UEFI with its large attack surface is better, security-wise, than good old BIOS which was at least easily auditable.

26 July at 7:52 | Open on infosec.exchange
翠星石
@dangoodin It's a shame only one of the many keys were revealed, so while you can now at least boot whatever free software you want, the UEFI itself cannot be freed.
26 July at 15:37 | Open on freesoftwareextremist.com
John Gordon

@dangoodin Thank Darwin that was the only blunder compromising Secure Boot and we can absolutely trust it otherwise.

(Are typewriters still being made? I had a very fine electric typewriter with small edit buffer I gave away in the 90s. Now it would be worth thousands :-)

26 July at 22:39 | Open on appdot.net
Go Up