Security researchers have a serious vulnerability found in uefi, the successor of the bios. In contrast to known security issues with uefi is the new bug is easier to exploit and not limited to certain manufacturers of chips.
Thanks to the bug allows attackers to the firmware of the uefi-chip rewrite, making them far-reaching access to the system of a victim. Discovered that security researchers Rafal Wojtczuk and Corey Kallenberg, that their findings from the cloth did on the CCC security conference in Hamburg.
By the bug to abuse the researchers were able to security mechanisms to the garden to prevent the software to the uefi chip is geflasht not the manufacturer is from. In contrast to previous vulnerabilities in uefi is the new problem easier to exploit; there is no special equipment required. Also is it a problem that all of the uefi chips, and even old bios-chips is present, claim the researchers.
One of the ways in which the researchers of the chip to the security mechanisms to the garden managed to lead, is to repeatedly perform a schrijfoperatie to the flash memory. “You can do it millions of times, and at one point succeed,” says researcher Kallenberg. This requires an attacker to have two threads open on a system with at least two cores.
“Thanks to this vulnerability, we can firmware to flash to the uefi chip, but also in system management mode enter”, says researcher Wojtczuk. In system management mode can be far-reaching changes to be made in a system, because processes with high privileges to run. Because the firmware can be geflasht, can by this vulnerability, malware can be affixed to a system after reinstallation of an operating system.
In november, researchers found to Mitre all vulnerabilities in uefi. They talked to two vulnerabilities in the reference implementation of uefi chips that Intel is prepared by many companies was acquired. As a result, the uefi chips from Phoenix, AMI, HP, and Intel itself vulnerable; also when could persistent malware to be installed.