Hacker breaks Windows 8 Secure Boot
By Stewart Mitchell
Posted on 18 Nov 2011 at 10:31
An Austrian hacker claims to have written a bootkit that circumvents a key security feature in Windows 8.
Peter Kleissner, a programmer and security researcher with a history of finding exploits, said he would reveal details of the attack that bypassed Microsoft’s Secure Boot feature at the international malware conference MalCon later this month.
Kleissner previously designed the Stoned Rootkit that can control systems by using a compromised boot loader to intercept encryption keys and passwords in Windows machines.
The researcher claims Stoned Lite could compromise Windows 8, despite Microsoft’s efforts to block bootkit attacks with Secure Boot.
“Stoned Lite's infector is just 14KB in size, including driver and bootkit attacking [Windows] 2000 to 8. Bootkit can be started from USB/CD,” Kleissner said on his Twitter feed.
The researcher said the bootkit didn’t attack the Unified Extensible Firmware Interface that will replace BIOS in Windows 8 and is intended to prevent malware being loaded into the system during boot up, and instead relies on older code in the OS.
“It's not attacking UEFI or Secure Boot, right now it's working with the legacy BIOS only,” Kleissner said.
This is what happens when you can't do full transitions, but have to drag along legacy frameworks until they are phased out.
Full marks to him, and zero marks to Microsoft for not grabbing a copy of his work and working around it.
To be honest they should be hiring him, at least as an advisor.
By Gindylow on 18 Nov 2011
MS do have his work and probably are working around it. As there is only a developer preview currently available - the product hasn't reached even Alpha stage yet, let alone Beta, there isn't much pressure to get a patch out; it is for development purposes only and shouldn't be running on any production systems.
So fixing it by the time the Alpha or Beta appears is probably what they plan.
That is doesn't affect Windows 8 compliant machines (i.e. with UEFI), just old machines, shows that they have partly combatted the problem, since Stones original release, which affects Windows XP through 7.
By big_D on 18 Nov 2011
Nothing to see, move along now
Very confused & confusing article.
What I think it says, despite the schlock horror headline is that the 'hacker' can ONLY hack into OLD Windows systems with a non EFI BIOS.
Didn't we know that already?
Does it also work on proper EFI BIOS machines?
We have a right to know
By wittgenfrog on 18 Nov 2011
Sorry old habits etc. That shoiuld be UEFI sans the 'BIOS'....
By wittgenfrog on 18 Nov 2011
'Hacker breaks Windows 8 Secure Boot' - and then, at the bottom of the story, '“It's not attacking UEFI or Secure Boot, right now it's working with the legacy BIOS only,” Kleissner said.'
Secure boot is only implemented on UEFI systems. This attack uses the MBR, code that's not executed on UEFI systems. It doesn't break secure boot. Secure boot is actually designed to protect against this sort of attack, and we haven't seen it broken in the wild yet.
By mjg59 on 18 Nov 2011
This is just a typical anti Microsoft headline that is becomming very much the norm for PCPro.
How can you call it news for someone to hack a developer preview version of software that does not implement what he claims to have hacked.
Or is the intention to draw out a response from the likes of SwissMac, which can usually be relied upon to generate site clicks?
By chapelgarth on 18 Nov 2011
My new favourite activity
Checking seemingly non-related articles on PC Pro for anti Apple comments
By theybothrunchrome on 21 Nov 2011
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords