July 27th, 2024

Compromising the Secure Boot Process

Researchers from Binarly revealed a security vulnerability in the Secure Boot process affecting over 200 device models due to a leaked cryptographic key, raising concerns about potential cyberattacks and security practices.


Researchers from Binarly have disclosed a significant security vulnerability affecting the Secure Boot process on over 200 device models from manufacturers including Acer, Dell, Gigabyte, Intel, and Supermicro. The issue stems from a compromised cryptographic key that was leaked in a public GitHub repository in December 2022. This platform key, which is essential for establishing a secure connection between hardware and firmware, was published by an individual associated with multiple US-based device manufacturers. The repository contained the private portion of the key in an encrypted format, protected by a weak four-character password, making it easy for Binarly to decrypt and access the key.

The leaked keys were originally intended for testing purposes by AMI, a major provider of software development kits for UEFI firmware. However, the keys inadvertently made their way into production systems across various manufacturers, including HP and Lenovo. The leak undermines the security assurances provided by Secure Boot, as it allows potential attackers to bypass security measures and compromise affected devices. Security experts are now raising concerns about the implications of this vulnerability, particularly regarding the integrity of the Secure Boot process and the potential for exploitation in various cyberattacks. The incident highlights the need for improved key management practices and security protocols within the industry to prevent similar breaches in the future.
