nsane.forums Posted September 21, 2012

Italian researchers have developed a new bootkit capable of infecting the UEFI platform and hijacking the Windows 8 kernel. It's now easier to create such nasty things, the researchers say.

The UEFI (Unified Extensible Firmware Interface) platform is the “next-gen” technology designed to replace the ancient BIOS contained within the most basic layer of hardware logic in PCs, bringing not only a more flexible environment but strong security features as well. The fact is that the UEFI platform has already been “cracked” open by a new bootkit created by Italian security researchers.

Developed by ITSEC, the new bootkit is able to attack the UEFI firmware and its basic security features, possibly showing a new avenue for cyber-criminals and malware writers focused on creating “invisible” malware to hijack computers, steal users' data and remotely manage botnets.

The tests run by ITSEC showed that the proof-of-concept bootkit was able to install itself and work “very well”, disabling the Windows 8 driver signature feature and the Patch Protection feature for the OS kernel. Unlike the previously mentioned Stoned Lite bootkit, this new “boot rootkit” is tailored to work with the UEFI firmware.

https://www.youtube.com/watch?v=xKgz4Y_sNjo

Thanks to the new firmware, ITSEC researchers highlight, development of bootkit code is now easier than ever: coding older bootkits required a pretty good knowledge of the Assembly language and the inner workings of the BIOS technology, while creating UEFI-tailored bootkits is much simpler because within the new platform “everything is abstracted from the machine”. And the new UEFI bootkits could easily target other operating systems besides Windows 8 as well.

In the end, the researchers say that UEFI is not and cannot be the only answer to the security concerns of modern PC users: cracking the new infrastructure proved to be an easy task, while the security enforcement promised by the much-discussed Secure Boot feature (not attacked by the UEFI bootkit… at least for now) raises many concerns as to the openness of the PC architecture.