The UEFI (Unified Extensible Firmware Interface) platform is the “next-gen” technology designed to replace the ancient BIOS contained within the most basic layer of hardware logic in PCs, bringing not only a more flexible environment but strong security features as well. In fact, the UEFI platform has already been “cracked” open by a new bootkit created by Italian security researchers.
Developed by ITSEC, the new bootkit is able to attack the UEFI firmware and its basic security features, possibly showing a new avenue for cyber-criminals and malware writers focused on creating “invisible” malware to hijack computers, steal users’ data and remotely manage botnets.
The tests run by ITSEC showed that the proof-of-concept bootkit was able to install itself and work “very well”, disabling the Windows 8 driver signature feature and the Patch Protection feature for the OS kernel. Unlike the previously mentioned Stoned Lite bootkit, this new “boot rootkit” is tailored to work with the UEFI firmware.
Thanks to the new firmware, ITSEC researchers highlight, development of bootkit code is now easier than ever: coding older bootkits required a pretty good knowledge of assembly language and the inner workings of the BIOS technology, whereas creating UEFI-tailored bootkits is much simpler because within the new platform “everything is abstracted from the machine”. The new UEFI bootkits could also easily target other operating systems besides Windows 8.
In the end, the researchers say that UEFI is not and cannot be the only answer to the security concerns of modern PC users: cracking the new infrastructure proved to be an easy task, while the security enforcement promised by the much-discussed Secure Boot feature (not attacked by the UEFI bootkit… at least for now) raises many concerns about the openness of the PC architecture.
Source: Hardware Upgrade