09/10/2019

UEFI firmware backdoors and OS-level persistence modules.

In most UEFI firmware setups, options are available to password-protect the system from unauthorized access during the early stages of the boot process. The most common options allow setting passwords to protect access to the UEFI firmware setup, to prevent the system from booting, and to protect access to the disk.

UEFI firmware backdoors are mechanisms that allow bypassing these protections without knowing the user-configured password. While such UEFI firmware backdoors are very common – mainly used as a recovery mechanism in case the computer’s owner forgets the password – they come with a number of security implications. Besides allowing attackers with physical access to the affected computer to bypass various security mechanisms, they also create a false sense of security in users who are unaware of them and may believe their computers are unbootable by anyone who doesn’t possess the password.

The most prevalent of the UEFI firmware backdoors we analyzed is the so-called ASUS backdoor. Our research confirmed that at least six ASUS laptop models were shipped with the backdoor; the number, however, is likely much higher (manually checking the presence in every ASUS laptop model was out of the scope of our research). Following our notification to ASUS about the backdoor in April 2019, the vendor removed the issue and released firmware updates on June 14th, 2019.

OS-level persistence modules are firmware components responsible for installing software at the operating system level. With these persistence modules, the main security problem is that – due to the complicated nature of delivering firmware updates – a computer shipped with a vulnerable firmware component will most likely remain vulnerable during its whole lifetime. For this reason, we believe firmware persistence should be avoided as much as possible and limited to cases where it is strictly necessary, as is the case with anti-theft solutions.

To learn more about our research, please refer to the full paper, A machine-learning method to explore the UEFI landscape.
