Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] UEFI-based rootkits



http://www.theregister.co.uk/2012/09/19/win8_rootkit/

Starting with Windows Vista, 64-bit versions of Windows require all
kernel mode drivers be signed with a certificate obtained from
Microsoft. This proof of concept UEFI rootkit replaces the Windows 8
boot loader with a version that does not check for these signatures,
permitting malware to have its way with the target system.  While the
POC is for Windows 8, the technique could be used to compromise any OS
including Macintosh (the Macintosh UEFI POC demonstrated earlier this
year at Black Hat inspired this Windows 8 POC) and GNU/Linux. There are
no Linux UEFI rootkits yet that I am aware of, but if OS X can be
compromised this way then it's only a matter of time before someone
ports the POCs to Linux and *BSD.

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org