After all the “excitement” of CrowdStrike last week, let’s start this week with some good old fashioned bad news cyber security research.
Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica
Let’s get a definition of Secure Boot from Copilot AI:
“Secure Boot is a recognised security standard that ensures a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). It is a modern cyber security that has replaced the traditional BIOS on computers. Secure Boot works by verifying that the operating system’s bootloader is signed with a valid digital signature before allowing it to launch. This process helps protect against malware that attempts to load during the startup process and is a fundamental part of a secure boot-up sequence.”
I would have put it more simply: it is the first step in having a cyber secure device, because it stops threat actors injecting malicious code into your system before your other security tools are up and running.
You get the message – it is important.
Supply Chain Breakdown
Researchers from security firm Binarly have demonstrated that Secure Boot is compromised on about 215 device models sold by Acer, Dell, Gigabyte, Intel and Supermicro. The flaw arises from the use of a compromised cryptographic key, and not just any key: the Platform Key (PK), the root of trust at the top of the Secure Boot key hierarchy, which authorises every other key the firmware will accept. Whoever holds its private half can enrol their own keys on the machine and, from there, sign bootloaders that the firmware will happily run. The key in question was a test key generated by a firmware vendor (AMI); its certificate is literally labelled "DO NOT TRUST", yet manufacturers shipped it in production firmware anyway. Its private half was published in a public GitHub repository in 2022 by someone working for a device manufacturer, protected by nothing more than a four-character password, so it is now effectively public.
The researchers have given this vulnerability the name PKfail.
Your Takeaway
There are a few instances of malware that can take advantage of a compromised Secure Boot, but they are few and far between… at the moment. Remember also that this does not only affect machines built after the key leaked in 2022: any machine shipped with that test key as its Platform Key is affected, and Binarly found firmware using it going back to 2012. Manufacturers need to issue firmware updates that replace the compromised key, and then you need to apply them. Firmware updates are not hard, but they are not as straightforward as software updates (a failed one can leave a machine unable to boot), so some care needs to be taken.
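Before waiting on a vendor, you can check whether your own machine is affected, because the Platform Key is readable from the operating system. The script below is an added example, not part of the original article or of Binarly's tooling: it parses the EFI_SIGNATURE_LIST structures that make up the PK variable (a real UEFI format) and flags any X.509 entry whose certificate carries the "DO NOT TRUST" marker that the AMI test key names itself with. The efivarfs path is the standard Linux location; the owner GUID and the "certificate" bytes in the sample are constructed stand-ins so the code runs offline, not a real DER certificate.

```python
"""Check a UEFI Platform Key (PK) variable for the "DO NOT TRUST" test key.

Added example (not from the original article).  The PK variable is a sequence of
EFI_SIGNATURE_LIST structures: a 16-byte SignatureType GUID, three little-endian
uint32 fields (SignatureListSize, SignatureHeaderSize, SignatureSize), an optional
header, then entries of SignatureSize bytes, each a 16-byte SignatureOwner GUID
followed by the signature data (for X.509 lists, a DER-encoded certificate).
"""
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# The AMI test PK names itself "DO NOT TRUST ..." in its subject; a vendor that
# shipped it leaves that ASCII string inside the DER certificate.
UNTRUSTED_MARKER = b"DO NOT TRUST"

# Linux efivarfs path for PK (the first 4 bytes of the file are the variable attributes).
EFIVARS_PK = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"

HEADER_LEN = 16 + 12  # SignatureType GUID + three uint32 fields


def parse_signature_lists(blob: bytes):
    """Return [(signature_type, [(owner_guid, data), ...]), ...] for every list in blob."""
    lists, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HEADER_LEN + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size < 16:  # every entry starts with a 16-byte owner GUID
            raise ValueError("bad SignatureSize")
        body = blob[off + HEADER_LEN + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        entries = []
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            entries.append((uuid.UUID(bytes_le=entry[:16]), entry[16:]))
        lists.append((sig_type, entries))
        off += list_size
    return lists


def find_test_keys(pk_blob: bytes):
    """Return (list index, owner GUID) for each X.509 PK entry carrying the marker."""
    hits = []
    for idx, (sig_type, entries) in enumerate(parse_signature_lists(pk_blob)):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        for owner, der in entries:
            if UNTRUSTED_MARKER in der:
                hits.append((idx, owner))
    return hits


def load_efivar(path: str = EFIVARS_PK) -> bytes:
    """Read a variable from efivarfs, dropping the 4-byte attributes prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]


def build_signature_list(sig_type: uuid.UUID, entries) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST; used here only to construct sample input."""
    data_len = len(entries[0][1])
    assert all(len(d) == data_len for _, d in entries), "one list holds one entry size"
    body = b"".join(owner.bytes_le + data for owner, data in entries)
    return sig_type.bytes_le + struct.pack("<III", HEADER_LEN + len(body), 0, 16 + data_len) + body


# Constructed sample input: the owner GUID and certificate bytes are stand-ins, not real.
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-00000000c0de")
FAKE_TEST_CERT = b"\x30\x82\x01\x00" + b"CN=DO NOT TRUST - AMI Test PK" + b"\x00" * 8
FAKE_VENDOR_CERT = b"\x30\x82\x01\x00" + b"CN=Example Vendor Platform Key" + b"\x00" * 8
SAMPLE_TEST_PK = build_signature_list(EFI_CERT_X509_GUID, [(SAMPLE_OWNER, FAKE_TEST_CERT)])
SAMPLE_CLEAN_PK = build_signature_list(EFI_CERT_X509_GUID, [(SAMPLE_OWNER, FAKE_VENDOR_CERT)])


if __name__ == "__main__":
    try:
        blob = load_efivar()
    except OSError as exc:
        raise SystemExit(f"cannot read PK ({exc}); run on Linux with efivarfs mounted, as root")
    if find_test_keys(blob):
        print("PK is a DO NOT TRUST test key: this machine is exposed to PKfail")
    else:
        print("PK does not carry the DO NOT TRUST marker")
```

A clean result here only means the marker is absent; it does not prove the vendor's own key is sound, which is why Binarly's scanner also matches the hashes of known leaked keys. On Linux `efi-readvar -v PK` (efitools) or `mokutil --pk` print the same certificate for a manual look, and on Windows `Get-SecureBootUEFI -Name PK` returns the raw bytes this script parses.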
Also remember that even though last week's CrowdStrike chaos was caused by an update they issued themselves, you still need to apply all cyber security patches and updates in a timely manner.
Clive Catton MSc (Cyber Security) – by-line and other articles