Vulnerability due to default key makes Secure Boot unsafe on hundreds of PC types

Hundreds of laptop models from different brands use an unsafe Secure Boot key.
As a result, it is possible to install UEFI malware such as bootkits or to disable Secure Boot completely on at least 900 devices from well-known brands such as Acer and Dell.

Researchers from Binarly draw this conclusion in a study they call PKfail.

Systems affected:

The researchers looked at an internal dataset with UEFI firmware images and scanned them for the use of the Platform Key in question.
According to them, there are more than 900 laptops and systems from Acer, Dell, Gigabyte, HP and Lenovo that are vulnerable to PKfail.
This makes it possible to completely bypass Secure Boot and install code on a system, such as a UEFI rootkit.

The researchers say that the affected devices use a Platform Key that is no longer secure. Such a Platform Key is a kind of master key for Secure Boot devices.
The researchers found a git repository online that contained that master key. That repo was updated in December 2022, but has since been taken offline.
It’s not known when that happened or who had access to it in the meantime, but the researchers say all devices using that master key are vulnerable.
The git repo itself was encrypted, but the password was only four characters long, making it relatively easy to crack.

In practice, this is quite a lot of work; an attacker still has to manipulate the Key Exchange Key, Signature and Forbidden Signature databases on a system.
The researchers have also released a proof-of-concept. This shows how the bug can be exploited on both a Windows and Ubuntu PC.

In short a testing key that was only ever intended for internal use was shipped publicly.

There are two issues they found:

1) a key was left enabled where the private part was accidentally posted on github. This affects about 200 models and is a super screwup

2) as you say, a testing key was shipped
 
Insecure secure boot! :rolleyes:
 
Ouch, shame most of the video is explaining how Secure Boot works; it's why I usually prefer walls of text.

In short a testing key that was only ever intended for internal use was shipped publicly.
He is a Retired MS Developer from the beginning
 
In practice, this is quite a lot of work; an attacker still has to manipulate the Key Exchange Key, Signature and Forbidden Signature databases on a system.
The researchers have also released a proof-of-concept. This shows how the bug can be exploited on both a Windows and Ubuntu PC.

This reminds me a bit of the spectre/meltdown where the code had to be locally executed and running unnoticed on the machine, and then would access certain speculative execution registers on the processor (in tiny fragments) and then could send the data back to the attacker to have him piece it together and POTENTIALLY find a password or something in there...



Here you go, bro... good luck.

I feel like this is the least of your problems if an attacker is already on the machine with a su console or an admin powershell

PowerShell command to test on your own system:
Code:
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI PK).bytes) -match "DO NOT TRUST|DO NOT SHIP"
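The one-liner above greps the raw PK variable for the test-key marker strings. Below is an added example, not code from the thread, from Binarly or from any vendor, that does the same check but first parses the variable's actual structure (a chain of EFI_SIGNATURE_LIST headers, each holding EFI_SIGNATURE_DATA entries of a 16-byte owner GUID plus a DER certificate), so it can be pointed at any of the four Secure Boot databases the first post mentions (PK, KEK, db, dbx) and tells you which entry carries the marker. It reads a Linux efivarfs file (e.g. /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c, whose first four bytes are the attribute word) or, on Windows, a dump made with `[IO.File]::WriteAllBytes("pk.bin", (Get-SecureBootUEFI -Name PK).Bytes)`. The sample blobs, the owner GUID and the `<constructed DER placeholder>` strings are constructed for the example; the EFI_CERT_X509_GUID value and the header layout are from the UEFI specification.

```python
import re
import struct
import uuid

# Added example: parse the raw bytes of a Secure Boot variable (PK/KEK/db/dbx) and
# flag X.509 entries whose bytes contain the same "DO NOT TRUST" / "DO NOT SHIP"
# markers the thread's PowerShell one-liner matches on.

# EFI_CERT_X509_GUID (UEFI spec): entries of this type hold a DER-encoded X.509 certificate.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Marker strings; the subject CN of a test key is stored as plain ASCII inside the DER.
TEST_KEY_MARKER = re.compile(rb"DO NOT TRUST|DO NOT SHIP")

# EFI_SIGNATURE_LIST header: SignatureType GUID, SignatureListSize, SignatureHeaderSize, SignatureSize
SIG_LIST_HEADER = struct.Struct("<16sIII")


def parse_signature_lists(data):
    """Return [(signature_type, owner_guid, signature_data), ...] for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures, which is what PK/KEK/db/dbx hold."""
    entries = []
    off = 0
    while off < len(data):
        if len(data) - off < SIG_LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        type_raw, list_size, hdr_size, sig_size = SIG_LIST_HEADER.unpack_from(data, off)
        end = off + list_size
        body = off + SIG_LIST_HEADER.size + hdr_size
        if list_size < SIG_LIST_HEADER.size or end > len(data) or body > end:
            raise ValueError("bad SignatureListSize/SignatureHeaderSize at offset %d" % off)
        # Each EFI_SIGNATURE_DATA is a 16-byte SignatureOwner GUID followed by the payload,
        # and every entry in one list has the same SignatureSize.
        if sig_size < 16 or (end - body) % sig_size:
            raise ValueError("bad SignatureSize at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=type_raw)
        while body < end:
            owner = uuid.UUID(bytes_le=data[body:body + 16])
            entries.append((sig_type, owner, data[body + 16:body + sig_size]))
            body += sig_size
        off = end
    return entries


def find_test_keys(data):
    """Return [(owner_guid, marker), ...] for every X.509 entry carrying a test-key marker."""
    hits = []
    for sig_type, owner, sig_data in parse_signature_lists(data):
        if sig_type != EFI_CERT_X509_GUID:
            continue  # hashes in db/dbx are not certificates; nothing to grep
        m = TEST_KEY_MARKER.search(sig_data)
        if m:
            hits.append((owner, m.group().decode("ascii")))
    return hits


def load_efivar(path):
    """Read a Linux efivarfs file; the first 4 bytes are the variable attributes, not data."""
    with open(path, "rb") as f:
        return f.read()[4:]


def build_signature_list(sig_type, owner, sig_data):
    """Build one EFI_SIGNATURE_LIST with a single entry (used here only to construct samples)."""
    sig_size = 16 + len(sig_data)
    header = SIG_LIST_HEADER.pack(sig_type.bytes_le, SIG_LIST_HEADER.size + sig_size, 0, sig_size)
    return header + owner.bytes_le + sig_data


# Constructed sample input: the blobs stand in for DER certificates (only the subject
# string matters for the marker check) and the owner GUID is made up for the example.
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_TEST_PK = build_signature_list(
    EFI_CERT_X509_GUID, SAMPLE_OWNER,
    b"\x30\x82<constructed DER placeholder> CN=DO NOT TRUST - Test Platform Key")
SAMPLE_VENDOR_PK = build_signature_list(
    EFI_CERT_X509_GUID, SAMPLE_OWNER,
    b"\x30\x82<constructed DER placeholder> CN=Example Vendor Platform Key 2022")


if __name__ == "__main__":
    import sys
    # With a path argument, check a real dumped variable; otherwise run on the sample.
    data = load_efivar(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TEST_PK
    hits = find_test_keys(data)
    print("test-key markers found:", hits if hits else "none")
```

Run it against the KEK and db variables as well as PK: the first post notes that the leaked Platform Key matters because it signs the Key Exchange Key database, which in turn authorises db and dbx updates, so a marker anywhere in that chain is worth knowing about. A clean result only means no marker string was found; it says nothing about whether the vendor's real key is well protected.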
 
This reminds me a bit of the spectre/meltdown where the code had to be locally executed and running unnoticed on the machine, and then would access certain speculative execution registers on the processor (in tiny fragments) and then could send the data back to the attacker to have him piece it together and POTENTIALLY find a password or something in there...


Here you go, bro... good luck.

I feel like this is the least of your problems if an attacker is already on the machine with a su console or an admin powershell
I agree for the most part, if the machine is already owned, then further exploitation via spectre etc. is moot.

Although a BIOS based rootkit is different in that even reinstalling the OS wouldn't clean out the system. Presumably one would have to wipe the keys in the BIOS (in case a new one was added by the malware author), and then, if the BIOS has such a feature, wipe all of the writable EFI area.

Thinking about this a little more though, affected systems are compromised at this point regardless of any BIOS cleaning, as someone decided it was a good idea to not let people view/delete the existing keys, so you're then just at the mercy of the manufacturer to provide a BIOS update, and given the replies from Lenovo and co, I don't think one is forthcoming. I do think the practical use case for an actual ongoing BIOS compromise is limited though; this problem means the bootloader could be replaced for the existing operating system, and from there it can progress, but a full clean reinstall would then reset that bootloader, and the original compromise that allowed them to replace the bootloader in the first place.

But I agree with your basic point, once you are owned, you are owned, regardless of secondary infections.
 
I agree for the most part, if the machine is already owned, then further exploitation via spectre etc. is moot.

Although a BIOS based rootkit is different in that even reinstalling the OS wouldn't clean out the system. Presumably one would have to wipe the keys in the BIOS (in case a new one was added by the malware author), and then, if the BIOS has such a feature, wipe all of the writable EFI area.

Thinking about this a little more though, affected systems are compromised at this point regardless of any BIOS cleaning, as someone decided it was a good idea to not let people view/delete the existing keys, so you're then just at the mercy of the manufacturer to provide a BIOS update, and given the replies from Lenovo and co, I don't think one is forthcoming. I do think the practical use case for an actual ongoing BIOS compromise is limited though; this problem means the bootloader could be replaced for the existing operating system, and from there it can progress, but a full clean reinstall would then reset that bootloader, and the original compromise that allowed them to replace the bootloader in the first place.

But I agree with your basic point, once you are owned, you are owned, regardless of secondary infections.
I just think that these researchers run the "boy who cried wolf" risk by overplaying some of these more obscure vulnerabilities. It would help if they gave a "real world risk rating" or some other practical gauge of the probability that this exploit will be used. Maybe a risk by consumer type gauge.

Although a BIOS based rootkit is different in that even reinstalling the OS wouldn't clean out the system. Presumably one would have to wipe the keys in the BIOS (in case a new one was added by the malware author), and then, if the BIOS has such a feature, wipe all of the writable EFI area.

Thinking about this a little more though, affected systems are compromised at this point regardless of any BIOS cleaning, as someone decided it was a good idea to not let people view/delete the existing keys, so you're then just at the mercy of the manufacturer to provide a BIOS update, and given the replies from Lenovo and co, I don't think one is forthcoming. I do think the practical use case for an actual ongoing BIOS compromise is limited though; this problem means the bootloader could be replaced for the existing operating system, and from there it can progress, but a full clean reinstall would then reset that bootloader, and the original compromise that allowed them to replace the bootloader in the first place.

This was the topic of a Qubes OS talk at a recent chaos communication congress. Can't find the link right now.

Basically a computer must not be allowed to have any writable memory that cannot be removed and mounted in very raw mode on a different computer. The BIOS is the obvious example, but it also applies to all kinds of extension cards, especially Wi-Fi. Only that will give you the transparency you need.

It goes without saying that security features like secure boot in the hands of vendors that behave like amateurs is unacceptable, too. The whole shebang needs to be open source.
 
It's basically a non issue as the "hacker" must have direct access to the device.
Then you have bigger issues.
 
@phanbuey
@Caring1
until it's someone working at the location (gov/mil etc.; no suspicion about being around), going rogue.

not everything is about a real world use on a single end user PC, and for certain things even a "less than 1%/not likely.." isn't good enough (to not worry about it)..
 
It's basically a non issue as the "hacker" must have direct access to the device.
Then you have bigger issues.
Agree. I'm pretty sure that us normal home users are fine.
 
@phanbuey
@Caring1
until it's someone working at the location (gov/mil etc.; no suspicion about being around), going rogue.

not everything is about a real world use on a single end user PC, and for certain things even a "less than 1%/not likely.." isn't good enough (to not worry about it)..
That's why I think a risk rating by consumer group would be useful.

Even on mil/gov machines - why try to use this exploit when you already have root?
 
That's why I think a risk rating by consumer group would be useful.

Even on mil/gov machines - why try to use this exploit when you already have root?
What OSes militaries use today? When I served in 2010, they had Toughbooks with Win7.
 
What OSes militaries use today? When I served in 2010, they had Toughbooks with Win7.
XP, Vista, When I got out in 2012 they were using 7, they probably are using 10
 
@phanbuey
because not everyone with physical access, has a (root) login.
while it's a bit ago, when I worked for gov stores, I never saw any access to the server/room being restricted past it being located in the back area of an office (IT),
and half the time not occupied by a person.

and it's not always about the OS. I had a Secure Boot board before I was using 10..
 
@phanbuey
because not everyone with physical access, has a (root) login.
while it's a bit ago, when I worked for gov stores, I never saw any access to the server/room being restricted past it being located in the back area of an office (IT),
and half the time not occupied by a person.

and it's not always about the OS. I had a Secure Boot board before I was using 10..
yeah but in order to modify the boot manager you have to have ROOT access, in order for this exploit to work.
 
yeah but in order to modify the boot manager you have to have ROOT access, in order for this exploit to work.
So practically a typical home user is safe?
 
Meltdown was a lot worse than Spectre. It could basically enable any process to become admin/root, no sorting or sifting needed.

I just think that these researchers run the "boy who cried wolf" risk by overplaying some of these more obscure vulnerabilities. It would help if they gave a "real world risk rating" or some other practical gauge of the probability that this exploit will be used. Maybe a risk by consumer type gauge.
Most of these postings have an officially assigned severity rating. Blame media outlets for not posting it. It's not the researchers' fault y'all like sensationalism and continually feed the media beast.
 