The Secure Boot security mechanism of the UEFI (Unified Extensible Firmware Interface) can be circumvented on around half of PCs that use it, security researcher Corey Kallenberg from nonprofit research organization Mitre has demonstrated it at the Hack in the Box 2014 security conference in Amsterdam.
“The Unified Extensible Firmware Interface (UEFI) (pronounced as an initialism U-E-F-I or like “unify” without the n) is a specification that defines a software interface between an operating system and platform firmware. UEFI is meant to replace the Basic Input/Output System (BIOS) firmware interface, present in all IBM PC-compatible personal computers. In practice, most UEFI images provide legacy support for BIOS services. UEFI can support remote diagnostics and repair of computers, even without another operating system.” reports by Wikipedia.
The hack doesn’t work on any machine because there are significant differences in how UEFI is implemented by different computer manufacturers. The resercher demonstrated that bypassing the Secure Boot an attacker can install a bootkit, that is a rootkits which starts just before the OS hiding itself in the system’s bootloader.
Kallenberg has also shown that it’s possible to render some systems unusable by modifying a specific UEFI variable directly from the OS, a circumstance that is really worrying because attackers could easily use the technique in cyber sabotage attacks.
Just one year ago a group of researchers from Intel and Mitre discovered a significant security issue in UEFI implementations from BIOS vendor American Megatrends, the team has found that a UEFI variable called “Setup” was not properly protected and could be modified directly by a process running with administrative permissions in the OS. A similar attack could be run from the OS by a malware running with administrative privileges. An attacker is allowed the bypassing of Secure Boot modifying the Setup variable in a specific way, the Secure Boot checks if the bootloader is digitally signed and that it is on a whitelist before executing it. If an attacker modifies the Setup value the machine will not be able to start again.
Kallenberg also presented a new way to bypass Secure Boot efficient on OEMs not using the security mechanism SMI_LOCK in their UEFI implementations. The researcher discovered that in this last case it is possible to run code in kernel mode to temporarily suspend SMM (System Management Mode) and add a rogue entry into the list of trusted bootloaders by Secure Boot. The modification of the list allows at the successive reboot the execution of the malicious bootloader bypassing Secure Boot. The team of experts at Mitre developed a Windows software, dubbed Copernicus, to analyze the UEFI implementation in any system and report the different security features it uses. Running the application in their organization across 8,000 systems they have discovered that nearly 40% of the machines did not use the SMI_LOCK protection. The researchers are now extending the test to 100,000 systems outside their organization to complete their study. The group also discovered that even if OEMs release BIOS updates with SMI_LOCK protection in the future and customers install them, for nearly 50% of updated systems, attackers will be able to restore an older, unprotected BIOS version from inside the OS. Also in the scenarios exposed, an attacker serving a malware with administrative privileges could install an older digitally signed driver from a legitimate hardware manufacturer that’s known to have a vulnerability.
” Since the driver runs in kernel space, he could then exploit the vulnerability to execute malicious code with ring 0 privileges”, the researcher said.
Recovering from such an attack would be time consuming because it could be necessary to reprogram the BIOS chip with a manual intervention and specialized equipment. It’s time to consider this type of attacks seriously!
(Security Affairs – Secure Boot, cybercrime)