Secure Boot useless on hundreds of PCs from major vendors after key leak

2024-07-29 01:58

Infosec in brief Protecting computers' BIOS and the boot process is essential for modern security - but knowing it's important isn't the same as actually taking steps to do it.

Take the research published last week by security boffins at firmware security vendor Binarily.

The researchers found hundreds of PCs sold by Dell, Acer, Fujitsu, Gigabyte, HP, Lenovo and Supermicro - and components sold by Intel - using what appears to be a 12-year old test platform key leaked in 2022 to protect their UEFI Secure Boot implementations.

"An attacker with access to the private part of the PK can easily bypass Secure Boot by manipulating the Key Exchange Key database, the Signature Database, and the Forbidden Signature Database," Binarily's boffins wrote.

If an attacker were to leverage the PK in an attack, they could run untrusted code during the boot process, even with Secure Boot enabled.

Security researchers at Cisco Talos released their quarterly report on incident response trends last week, and one startling trend stands out: Around 80 percent of ransomware engagements in Q2 occurred at organizations whose systems didn't employ multifactor authentication.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/29/infosec_roundup/

#boot #leak #vendor #vendors

News URL

Related news