Researchers have presented two attack methods at Black Hat 2013

Aug 2, 2013 13:32 GMT

Security researchers have found a way to bypass the Secure Boot system implemented in Windows 8. The attack method doesn’t rely on flaws in Secure Boot itself, but on the way some companies have implemented the Unified Extensible Firmware Interface (UEFI).

Presenting at Black Hat 2013 in Las Vegas, Andrew Furtak, Oleksandr Bazhaniuk and Yuriy Bulygin demonstrated two attack methods that can be used to bypass Secure Boot in order to install a UEFI bootkit, PCWorld reports.

One of the attack techniques relies on security holes in the device’s firmware. However, in this case, the exploit that alters the code responsible for enforcing the Secure Boot mechanism needs to be launched in kernel mode.

This makes the attack more difficult to pull off because cybercriminals would need to find a way to execute code in the part of the OS that has the most privileges.

This exploit method was reported to impacted vendors, one of which is Asus, around one year ago. The company has released some BIOS updates, but products such as the VivoBook laptop – on which the experts have made their presentation – are still vulnerable.

The second method is not as limited. Cybercriminals can leverage it to bypass Secure Boot simply by using vulnerabilities in common applications such as Microsoft Office, Java or Adobe Flash.

Since the exploited security holes have been discovered only recently, the experts haven’t named any of the impacted vendors and they haven’t provided any technical details regarding the attacks.

While security experts from all around the world try to find ways to bypass Secure Boot, Bulygin admits that the system is an important step forward in keeping computers bootkit-free.