BlackLotus Malware Hijacks Windows Secure Boot Process

Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.”

Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI (short for Unified Extensible Firmware Interface), the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch.

Previously discovered bootkits such as CosmicStrand, MosaicRegressor, and MoonBounce work by targeting the UEFI firmware stored in the flash storage chip. Others, including BlackLotus, target the software stored in the EFI system partition.

Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to launch malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.

The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’t gone unnoticed by threat actors. As a result, the first publicly known UEFI bootkit bypassing the essential platform security feature, UEFI Secure Boot, is now a reality.
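The closing point about revoking vulnerable binaries refers to the Secure Boot forbidden-signatures database (dbx), a UEFI variable stored as a sequence of EFI_SIGNATURE_LIST structures. The following added example (not code from the page or from the researchers it cites) parses that format and checks whether a boot image's Authenticode SHA-256 hash is on the revocation list; the sample dbx blob, the two hashes, and the function names are constructed for this demonstration.

```python
import hashlib
import struct
import uuid

# EFI_SIGNATURE_LIST header: SignatureType (GUID), SignatureListSize,
# SignatureHeaderSize, SignatureSize (three little-endian UINT32s).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
LIST_HDR = struct.Struct("<16sIII")


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner_guid, signature_data) for every entry in
    a concatenation of EFI_SIGNATURE_LIST structures (the db/dbx layout)."""
    off = 0
    while off + LIST_HDR.size <= len(blob):
        type_raw, list_size, hdr_size, sig_size = LIST_HDR.unpack_from(blob, off)
        if list_size < LIST_HDR.size or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        sig_type = uuid.UUID(bytes_le=type_raw)
        pos = off + LIST_HDR.size + hdr_size   # skip the optional list header
        end = off + list_size
        while pos + sig_size <= end:
            # EFI_SIGNATURE_DATA: SignatureOwner GUID followed by the raw data
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def revoked_sha256_hashes(blob: bytes) -> set:
    """Hex Authenticode SHA-256 hashes that a dbx blob forbids from booting."""
    return {data.hex() for t, _, data in parse_signature_lists(blob)
            if t == EFI_CERT_SHA256_GUID}


def build_sha256_list(hashes, owner: uuid.UUID) -> bytes:
    """Encode SHA-256 entries as one EFI_SIGNATURE_LIST (builds the sample data)."""
    body = b"".join(owner.bytes_le + h for h in hashes)
    hdr = LIST_HDR.pack(EFI_CERT_SHA256_GUID.bytes_le,
                        LIST_HDR.size + len(body), 0, 16 + 32)
    return hdr + body


def is_revoked(dbx_blob: bytes, image_hash: bytes) -> bool:
    """True if the Authenticode hash of a boot image is on the forbidden list."""
    return image_hash.hex() in revoked_sha256_hashes(dbx_blob)


# Constructed sample dbx: two made-up "bootloader" hashes (not real binaries);
# the owner GUID is assumed to be the one Microsoft uses in its dbx updates.
OWNER = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")
BOOTLOADER_A = hashlib.sha256(b"constructed sample bootloader A").digest()
BOOTLOADER_B = hashlib.sha256(b"constructed sample bootloader B").digest()
SAMPLE_DBX = build_sha256_list([BOOTLOADER_A, BOOTLOADER_B], OWNER)
```

On a live Windows host the real blob comes from `Get-SecureBootUEFI -Name dbx`, and the hash to check is the PE Authenticode digest of the image, not a plain file hash.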