1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Secure Boot has a major security issue hundreds of devices from

    From TechnologyDaily@1337:1/100 to All on Fri Jul 26 15:45:05 2024
    Secure Boot has a major security issue hundreds of devices from Dell, Supermicro and more all affected, here's what we know

    Date:
    Fri, 26 Jul 2024 15:42:42 +0000

    Description:
    The PKfail vulnerability was hiding for more than a decade.

    FULL STORY ======================================================================

    A supply chain vulnerability, present in hundreds of devices from numerous vendors, has been discovered after hiding in plain sight for 12 years.

    The PKfail vulnerability revolves around a test Secure Boot master key which if abused, can grant threat actors the ability to completely take over the vulnerable endpoints, and install malware and other dangerous code as they
    see fit.

    The flaw was found by cybersecurity researchers from the Binarly Research Team, who noted it starts with a Secure Boot master key, also known as a Platform Key (PK), which is generated by American Megatrends International (AMI). A decade-old supply-chain flaw

    A PK is an essential component in the architecture of the Unified Extensible Firmware Interface (UEFI) Secure Boot process, designed to ensure that a computer boots only with software trusted by the Original Equipment Manufacturer (OEM). When it first generates a PK, AMI labels it as DO NOT TRUST, notifying upstream vendors to replace it with their own, securely generated key.

    However, it seems that many vendors didnt do it. Acer, Aopen, Dell,
    Formelife, Fujitsu, Gigabyte, HP, Intel, Lenovo, and Supermicro, all apparently failed to do so, putting hundreds of computers at risk. Allegedly, more than 800 products are affected.

    When a threat actor has access to a vulnerable device, they can exploit this problem to manipulate the Key Exchange Key (KEK) database, the Signature Database (db) and the Forbidden Signature Database (dbx), and thus
    effectively bypass Secure Boot. That, in turn, allows them to sign malicious code, which allows them to deploy UEFI malware.

    "The first firmware vulnerable to PKfail was released back in May 2012, while the latest was released in June 2024. Overall, this makes this supply-chain issue one of the longest-lasting of its kind, spanning over 12 years,"
    Binarly added.

    "The list of affected devices, which at the moment contains almost 900 devices, can be found in our BRLY-2024-005 advisory. A closer look at the
    scan results revealed that our platform extracted and identified 22 unique untrusted keys."

    Via BleepingComputer More from TechRadar Pro This dangerous UEFI bootkit can hijack your Windows PC with ease Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/secure-boot-has-a-major-security-issue- hundreds-of-devices-from-dell-supermicro-and-more-all-affected-heres-what-we-k now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)