| Deutsch English Français Italiano |
|
<v84um1$3rk37$2@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!feeder1.cambriumusenet.nl!feed.tweak.nl!217.73.144.44.MISMATCH!feeder.ecngs.de!ecngs!feeder2.ecngs.de!168.119.53.7.MISMATCH!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: JAB <noway@nochance.com> Newsgroups: comp.sys.ibm.pc.games.action Subject: Re: Secure Boot Very Broken Date: Sun, 28 Jul 2024 09:14:55 +0100 Organization: A noiseless patient Spider Lines: 82 Message-ID: <v84um1$3rk37$2@dont-email.me> References: <dhhbaj9j7o9rld5tg1qp44jkdi3111g303@4ax.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Sun, 28 Jul 2024 10:14:57 +0200 (CEST) Injection-Info: dont-email.me; posting-host="ec33872b7ead2dd0b97461e288f605d7"; logging-data="4051047"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/zkG0tQq64x+xo/8oBh5Yl" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:doUDUI9pTUAG3bpaLTDPTJ/tL9Y= Content-Language: en-GB In-Reply-To: <dhhbaj9j7o9rld5tg1qp44jkdi3111g303@4ax.com> Bytes: 5271 On 28/07/2024 05:39, Spalls Hurgenson wrote: > Not really a computer game issue, but it /is/ computer related so I'll > post this here anyway. ;-) > > > "Secure Boot", first released a decade ago, was supposed to hearken a > new age of security for users. It was supposed to create an > unbreakable foundation on which all other security methods would be > built. With SecureBoot, you could be sure that there was no way for a > rootkit to bypass the OS, because OS and BIOS would create an > unbreakable handshake. Thanks to secure hardware keys, so long as > SecureBoot was enabled, nothing could subvert the core OS functions. > > But, as with a lot of security, it depends heavily on using strong > cryptographic keys through which the communications between operating > system and hardware could be safely transmitted. Unfortunately, for a > lot of devices, a secure cryptographic key is /not/ what was used. > > Instead, a short (4 character) key was used instead. A key so insecure > a 386 probably could break it in seconds. Modern malware, using modern > processors, could subvert it so fast it isn't even worth timing it. > > The key itself was provided to hardware manufacturers as a test key. > Despite including the word "AMI Test PK" (public key) and "DO NOT > TRUST", it was embedded into the BIOS of at /least/ 300 device models, > from manufacturers include Acer, Intel, Gigabyte, Aopen, Lenove, HP > and Dell. This means that any security that relies on SecureBoot > (which pretty much includes any Windows machine since 2012) isn't very > secure at all. Everything from HTTPS to Bitlocker is vulnerable now. > > How much more vulnerable this makes the average end-user is debatable. > There are a lot of ways to get access to the average computer that > don't require subverting SecureBoot, after all (easiest is just to act > as if you're trustworthy person and tell them to download some malware > ;-). But there are institutions which rely on secure hardware - banks, > for instance, or vital infrastructure- and these have just become a > lot more hackable. > > If you're interested in seeing if your machine is vulnerable, open a > Powershell command prompt (using administrator access) and enter the > following command (all one line): > > > [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI PK).bytes) > -match "DO NOT TRUST|DO NOT SHIP" > > > If it returns false, your PC isn't using the vulnerable key. If true, > then you'll want to check for a BIOS update. Assuming there is one; > most manufacturers have washed their hands of the issue, claiming that > since the affected boards are no longer being sold, it's not their > problem. > > (depending on your BIOS, there may also be ways to reset the key > yourself. Figuring out how to do that is an exercise left to the > reader ;-) > > Again, this isn't a reason for the average user to panic; most > day-to-day hackers aren't going to be using this method to crack into > your PCs. But if you were thinking that you needn't worry about > somebody accessing your files if you lost your laptop, well... you may > not be as protected as you think. > > > Read more here: > https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/ > Not good but having worked in software security for a long time it doesn't really surprise me which is why you'll supposed to have people who understand things to make sure it's done right. I think a lot of this comes down to this peculiar trait of software development in that unlike most software/hardware security doesn't provide direct functionality to the user but instead acts as a gate keeper to it. To put it simply, I worked on a system which from a users point of view would work perfectly. When I looked properly at the encryption function, not good. As for the banks part, I'd hope that banks still use dedicated hardware, and have a team to basically certify that it is secure, for key security functions.