
Hacker breaks Windows 8 Secure Boot


By Stewart Mitchell

Posted on 18 Nov 2011 at 10:31

An Austrian hacker claims to have written a bootkit that circumvents a key security feature in Windows 8.

Peter Kleissner, a programmer and security researcher with a history of finding exploits, said he would reveal details of the attack that bypassed Microsoft’s Secure Boot feature at the international malware conference MalCon later this month.

Kleissner previously designed the Stoned Rootkit that can control systems by using a compromised boot loader to intercept encryption keys and passwords in Windows machines.

The researcher claims Stoned Lite could compromise Windows 8, despite Microsoft’s efforts to block bootkit attacks with Secure Boot.

“Stoned Lite's infector is just 14KB in size, including driver and bootkit attacking [Windows] 2000 to 8. Bootkit can be started from USB/CD,” Kleissner said on his Twitter feed.

The researcher said the bootkit does not attack the Unified Extensible Firmware Interface (UEFI), which will replace the BIOS in Windows 8 and is intended to prevent malware being loaded into the system during boot-up. Instead, it relies on older code in the OS.

“It's not attacking UEFI or Secure Boot, right now it's working with the legacy BIOS only,” Kleissner said.

User comments

No Surprises

This is what happens when you can't do full transitions, but have to drag along legacy frameworks until they are phased out.

Full marks to him, and zero marks to Microsoft for not grabbing a copy of his work and working around it.

To be honest they should be hiring him, at least as an advisor.

By Gindylow on 18 Nov 2011

@Gindylow

MS do have his work and probably are working around it. As there is only a developer preview currently available - the product hasn't reached even Alpha stage yet, let alone Beta, there isn't much pressure to get a patch out; it is for development purposes only and shouldn't be running on any production systems.

So fixing it by the time the Alpha or Beta appears is probably what they plan.

That it doesn't affect Windows 8 compliant machines (i.e. with UEFI), just old machines, shows that they have partly combatted the problem, since Stoned's original release, which affects Windows XP through 7.

By big_D on 18 Nov 2011

Nothing to see, move along now

Very confused & confusing article.

What I think it says, despite the schlock horror headline is that the 'hacker' can ONLY hack into OLD Windows systems with a non EFI BIOS.

Didn't we know that already?

Does it also work on proper EFI BIOS machines?

We have a right to know

By wittgenfrog on 18 Nov 2011

Errata

Sorry old habits etc. That should be UEFI sans the 'BIOS'....

By wittgenfrog on 18 Nov 2011

Misleading story.

'Hacker breaks Windows 8 Secure Boot' - and then, at the bottom of the story, '“It's not attacking UEFI or Secure Boot, right now it's working with the legacy BIOS only,” Kleissner said.'

Secure boot is only implemented on UEFI systems. This attack uses the MBR, code that's not executed on UEFI systems. It doesn't break secure boot. Secure boot is actually designed to protect against this sort of attack, and we haven't seen it broken in the wild yet.

By mjg59 on 18 Nov 2011

Boooo

This is just a typical anti-Microsoft headline that is becoming very much the norm for PCPro.

How can you call it news for someone to hack a developer preview version of software that does not implement what he claims to have hacked?

Or is the intention to draw out a response from the likes of SwissMac, which can usually be relied upon to generate site clicks?

By chapelgarth on 18 Nov 2011

My new favourite activity

Checking seemingly non-related articles on PC Pro for anti Apple comments

By theybothrunchrome on 21 Nov 2011

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
