It's official: BlackLotus malware can bypass Secure Boot on Windows machines

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled. Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines. But by …

  1. VoiceOfTruth

    So much for Secure Boot.

    Secure Boot 2.0 will be out soon. It will be the last Secure Boot that you will ever need. It will render your machine unbootable so it will secure by default.

    1. Anonymous Coward

      Re: So much for Secure Boot.

      it's already here, KB5022842 hahahah

  2. fredds

    Does it affect linux boxes?..yet.

    1. Anonymous Coward

      Arguably yes, with some large buts attached

      This is really a stack of problems stretching across the motherboard and firmware, UEFI boot process and operating systems.

      Many Linux systems bypass this process entirely, and avoid it by being totally insecure at boot time, or only partially support the secure boot chain, leaving gaping holes in the security model. There is some work to close these holes, but the affected Lenovo laptops mentioned in the article would still be a problem, as the entire chain from hardware startup to handover to a signed OS session needs to be secure. It can fail at many levels, and needs a secure handoff from systems built by one company to ones built by others. As a result I expect this is going to be an ongoing problem for the foreseeable future, as the cat and mouse game of discovering and patching flaws continues.

      Other than against WSL users, this type of rootkit wouldn't be able to load its Windows-specific last stage payload under a Linux system, but the system is still compromised at a low level and all it would take is a reboot into a Windows session to wake the malware back up.

      1. Fr. Ted Crilly Silver badge

        Re: Arguably yes, with some large buts attached

        simple, turf windows off for good... ;-)

        1. Paul Herber Silver badge

          Re: Arguably yes, with some large buts attached

          Turf windows

          Is that the same as putting it out to grass?

    2. seven of five Silver badge
      Joke

      Doesn't have to, most of them are already infected by systemd.

    3. phuzz Silver badge
      Linux

      Linux already had this problem a few years back, when a vulnerability was discovered in grub (CVE-2020-10713).

      In that case, the vulnerability was fixed by August 2020, but the UEFI revocation list wasn't updated until at least October that year. Unless you've used fwupdmgr to update your UEFI since then, your system will still be vulnerable to an attack leveraging the old version of grub. (As well as this new malware I guess).

  3. An_Old_Dog Silver badge
    Pirate

    Just *Another* Way into Your Box

    If the TLAs want in to your box, they already can get there via the Intel Management Engine (Intel) or via the Platform Security Processor (AMD). Or via CPU microcode loading (which supposedly is secure, with only Intel/AMD knowing how it's done and what the signatures should be).

    (Icon for computer-raiders ...)

    1. stiine Silver badge
      Facepalm

      Re: Just *Another* Way into Your Box

      Which, for a few thousand dollars, you can shave the IME/PSP and decode it that way.

  4. Norman123

    Hmmmmm....I wonder which spook agency is behind these bugs, here, or there or both?

  5. Pascal Monett Silver badge

    "exploit it because the affected signed binaries have not been added to the UEFI revocation list"

    So the solution is already known, but nobody's working on it ?

    I would have thought that adding a new entry to a list is something that wouldn't take days, let alone weeks, to get done.

    I'm going to have to seriously rethink my project time estimates. Modify the input form ? That'll be six months, sir.

    1. OhForF' Silver badge

      Re: UEFI revocation list

      Adding the entry is probably not a problem technically.

      However it's quite possible that the decision not to add those legitimate but vulnerable binaries to the revocation list was taken because doing so has a potential to make a lot of devices that are not yet patched unusable. If that hits a big company they might even decide to have their lawyers check if the small print in the EULA or elsewhere really allows providers to force updates on you that make your device unusable for its primary purpose just to fix a hole in the secure boot process those companies might not care about.

      Now that this is actively exploited the decision may change - are you sure nobody is working on it right now?

      1. phuzz Silver badge

        Re: UEFI revocation list

        Even once the checksums of the vulnerable binaries have been added to the revocation list, that list still needs to be imported into the UEFI of each device.

        Presumably Microsoft could make sure that the dbx update wasn't applied until after the bootloader had been updated in the same way that fwupdmgr on Linux checks before it applies a dbx update that it's not using binaries that are about to be blocked.

        I guess you could run into a problem if you update your 'BIOS'* and that updates the revocation list, before you've upgraded your OS.

        * Technically it's a UEFI not a BIOS any more, but I keep using the old name
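The ordering check phuzz describes (don't apply a dbx update that revokes the bootloader currently installed) can be modelled over the real dbx format, a concatenation of EFI_SIGNATURE_LIST structures holding SHA-256 Authenticode hashes. This is an added example, not code from the original thread or from fwupdmgr; the hashes and the dbx blob are constructed inline, and the "installed bootloader hashes" set is an assumption standing in for whatever the caller measured on disk.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID: SignatureType used for SHA-256 hash entries in db/dbx.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
LIST_HEADER_LEN = 28  # 16-byte GUID + three uint32 fields


def parse_signature_lists(blob: bytes):
    """Walk concatenated EFI_SIGNATURE_LIST structures (the dbx update format)
    and yield (signature_type, owner_guid, signature_data) for every entry."""
    off = 0
    while off < len(blob):
        if len(blob) - off < LIST_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < LIST_HEADER_LEN + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size <= 16:  # each entry is a 16-byte owner GUID plus the data
            raise ValueError("bad SignatureSize")
        pos, end = off + LIST_HEADER_LEN + hdr_size, off + list_size
        if (end - pos) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        while pos < end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def revoked_sha256_hashes(dbx_blob: bytes) -> set:
    """Return the set of SHA-256 hashes a dbx blob would revoke."""
    return {data for t, _, data in parse_signature_lists(dbx_blob)
            if t == EFI_CERT_SHA256_GUID}


def safe_to_apply_dbx(dbx_update: bytes, installed_bootloader_hashes: set):
    """Refuse the update if it revokes a bootloader still installed on this
    machine; applying it first would leave the box unbootable."""
    blocked = revoked_sha256_hashes(dbx_update) & installed_bootloader_hashes
    return len(blocked) == 0, blocked


def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Constructed helper: pack SHA-256 hashes into one EFI_SIGNATURE_LIST."""
    body = b"".join(owner.bytes_le + h for h in hashes)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack(
        "<III", LIST_HEADER_LEN + len(body), 0, 16 + 32)
    return header + body


# Constructed sample data: the dbx revokes two binaries, one still installed.
OLD_BOOTLOADER = hashlib.sha256(b"constructed: vulnerable bootloader").digest()
OTHER_REVOKED = hashlib.sha256(b"constructed: another revoked binary").digest()
NEW_BOOTLOADER = hashlib.sha256(b"constructed: patched bootloader").digest()
SAMPLE_DBX = build_sha256_list([OLD_BOOTLOADER, OTHER_REVOKED])

if __name__ == "__main__":
    print("before bootloader update:", safe_to_apply_dbx(SAMPLE_DBX, {OLD_BOOTLOADER})[0])
    print("after bootloader update:", safe_to_apply_dbx(SAMPLE_DBX, {NEW_BOOTLOADER})[0])
```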

        1. RegGuy1 Silver badge

          > Technically it's a UEFI not a BIOS any more, but I keep using the old name

          Technically it's the fuck up we all knew would happen at some point. Microsoft doing its best to try to stop people loading Linux onto a machine that is only supposed (according to Microsoft) to run their virus (sorry, OS). So now we have an incredibly complex piece of software that replaces the relatively simple BIOS; something so complex its attack vector has been breached.

          I always thought with security less is more -- that you reduce the space someone could use to infect a machine. But Microsoft were more concerned about stopping people removing their OS and putting Linux on (ok, I concede many versions now use systemd, another complex piece of crap that makes it difficult to know if it's been compromised; bring back the SVR3 startup scripts!).

          Well done Microsoft.

  6. Wayland

    Kaspersky?

    Kaspersky? I thought we hate the Russians now. If El Reg is talking to the Russians should they not have their assets frozen?

    1. Roland6 Silver badge

      Re: Kaspersky?

      I recently read a PC magazine's 2023 review of Windows security suites. Kaspersky wasn't listed, but was included as a footnote - they had tested it and it would have topped the table, however they couldn't be seen to promote Russian software...

  7. flayman

    Nothing is unexploitable. Someone will always find a weakness.

    "Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines. But ... "

    But the reality is that nothing fucking works, so what's the fucking point? I quit.

    1. anonymous boring coward Silver badge

      Re: Nothing is unexploitable. Someone will always find a weakness.

      I think the takeaway here is that it's a Microsoft designed safety feature. So can't be trusted.

  8. Dabooka

    Someone explain to a novice

    I don't know much about the Secure Boot module aside from the lack of it prevents me upgrading an old Thinkpad to Win 11, so can someone explain to me what the word 'Secure' means in this context?

    Obviously it means something different entirely

    1. nijam Silver badge

      Re: Someone explain to a novice

      > ...can someone explain to me what the word 'Secure' means in this context?

      It means what it always means when Microsoft say it.

    2. teknopaul

      Re: Someone explain to a novice

      Chill, someone just found you a way to upgrade.

    3. Version 1.0 Silver badge
      Joke

      Re: Someone explain to a novice

      Secure now means Secret Extra Cash Updates Required Emergency - and then microsoft windows 12 will be sold everywhere.

  9. david1024

    Secure boot is only part of the solution

    Secure boot alone, and not monitoring at the application layer with dedicated hardware will never be a 100% solution. Securing a PC actually is possible these days, but it is not cheap and hard to maintain. The tech has been in existence for about 10 years now.

    So, secure boot, the way they have implemented it, is working as well as can be expected...

    1. Roland6 Silver badge

      Re: Secure boot is only part of the solution

      Well, when the physical PC BIOS ROM was replaced by something that could be in situ software updated (with no motherboard jumpers to be installed/removed), it was said this was a security risk…

      1. Mike 125

        Re: Secure boot is only part of the solution

        >PC BIOS ROM was replaced by something that could be in situ software updated (with no motherboard jumpers to be installed/removed), it was said this was a security risk…

        The same was said for processor microcode. But nobody listened then either.

        And the keys were hacked.

        And Intel continues moronically on in its parallel universe, where speed is all that counts.

        1. Roland6 Silver badge

          Re: Secure boot is only part of the solution

          Do SSDs run an OS?

          Just asking as a few years back there was talk about malware that attacked the HDD OS…

          1. Mike 125

            Re: Secure boot is only part of the solution

            There'll be an embedded controller with a dedicated kernel. (See 'firmware version' on disk maintenance tools). And the kernel *should be* firmware- not writable externally.

            Then there'll be configuration type flash, writable by the host in some way.

            As for malware attacking a disk- if the host is pwned, and there's a weakness at the host <-> disk interface, anything's possible. Where the disk sits within the overall PC security model, or even if that's a thing- I have no idea.

  10. wsm

    Vanity, thy name is Microsoft

    Couldn't be that the MS people actually believe they make bulletproof software, thus preventing them from improving anything and eliminating this threat also?

    We have all seen management like this. They won't allow improvement since they only approve perfection. No changes necessary, ever.

    1. Elongated Muskrat Silver badge

      Re: Vanity, thy name is Microsoft

      To be fair, whilst the vector for this is Windows, the flaw that is being exploited is in UEFI, and Microsoft are only one twelfth of the UEFI Forum board, so they can't really be assigned all the blame. In this case, the likes of Apple, Dell, and HP are all equally culpable.

  11. Anonymous Coward

    Network Service == Single Point Of Failure

    Have I mentioned this before?

    Perhaps I was commenting on E2EE (you know....Signal, Telegram and so on...)....

    But now Windows 11 as well.............

    Of course, the M$ demand for a Microsoft online account BEFORE one can run a new Win11 install.....of course, nothing to do with this report!

    More to come, I'm sure............

    1. The Basis of everything is...
      Unhappy

      Re: Network Service == Single Point Of Failure

      FWIW I installed a brand new Win 11 machine 2 months ago and was able to do so without creating a personal Microsoft account. It took a lot of googling to find there is a very small link hidden away to let you configure against a traditional domain, which then lets you get an old fashioned install and to be fair it then worked as perfectly as you'd expect for a Windows laptop.

      Second day on the job and I then had to join the Azure AD domain and all the goodness of M365 et al...

      How much longer this will be allowed is another question - they seem hellbent on creating a master directory of the human race and controlling everything you see and do.

      1. Elongated Muskrat Silver badge

        Re: Network Service == Single Point Of Failure

        I have a Win 11 install on my home PC (I still use the Win 10 one though). IIRC, whilst it tried to poke them fairly thoroughly into your face, there is no need to sign up for any Microsoft account to install and run it, it just "warns" you that some "features" are unavailable if you do so. Good, they are almost certainly "features" I don't want, such as "personalised advertising," also known as tracking.

        Of course, I'm not naïve enough to think there won't be any tracking without those turned on, but also I don't need or want unnecessary crud on my computer which is mostly used for gaming, web browsing and email, and the odd bit of development when I feel like I've not been punished enough for doing that for a living.

  12. Esoteric Eric

    ROMulans

    ROMs are great. They are read only memory. Nothing can be written to them. Calling something a TPM and 'secure' boot with a chip that can be overwritten by third party code is by definition never trusted nor secure.

    Now sure, one could argue that with a ROM, it would be difficult to update the systems if a bug is found in such a device that can't be updated without replacing said ROM.

    But it's obvious that a ROM is far more worthy of being called secure and trusted than a modern day BIOS. They are hardly 'secure' or trusted.

    And as for the issue with insecure ROM chips, just make a trap door on the laptop with a module so that one can replace the ROM chip itself.

    Under no circumstances can you call ANYTHING secure or trusted that I, or anyone else, can write our own code to.

    It's no more secure than the boot sector on a floppy.

    You can have convenience, or you can have security. But never both at the same time.

    1. The Basis of everything is...
      Pint

      Re: ROMulans

      Gotta say +1 for shooting your own argument down - software and firmware has to be assumed to have bugs, so if it can't be updated then it's only a matter of time before it becomes known insecure instead of merely presumed insecure / not proven secure.

      But yes, a physical enable/disable update that actually makes a difference (SD-Cards anyone?) should be mandatory. Sorry, you don't get a +2

    2. Elongated Muskrat Silver badge

      Re: ROMulans

      If someone can pop out the BIOS-on-ROM chip and replace it with another one, you have exactly the same security problem, just one that requires physical access. The idea of things like secure boot and bitlocker on a laptop is that if the device is stolen, nobody can break into it and get the contents, which are possibly more valuable. If you provide a way to subvert this (or I should say, another way) then this isn't helping matters.

      It used to be that you could only update the BIOS via a flashing utility, built into the BIOS boot options. At least that was reasonably secure in that you had to be able to get into the BIOS settings to do it. Now, you can update the UEFI settings from an app in Windows, which anyone can run on an unlocked PC if it's logged in as a user with the required admin permission.

  13. willfe

    Even the manufacturers hate secure boot

    My brand-spanking new ASUS Pro Creator X570 whats-its-name motherboard shipped with secure boot turned off by default. It made me chuckle knowing even the mobo vendors are getting sick of this crap too.

    1. Duncan Macdonald
      Happy

      Re: Even the manufacturers hate secure boot

      Turning Secure Boot off has its advantages - it stops the Windows 11 malware from installing !!

  14. Luiz Abdala
    Windows

    DOS boot chip?

    Is there a way to load an OS from a rom chip these days? Something you can only physically change?

    If it gets corrupted by malware, just yank the chip out and replace it with a clean one. Then, with all storage devices cut off, flip a physical DIP switch on the motherboard to read-only and then tell it to wipe all storage boot sectors it finds or load cleaning tools.

    Something that can't be tampered with electronically, and then flips the switch back to accept a clean modern OS install bypass, then it can be locked again to read-only for that single OS checksum signature.

    I don't know, having a read-only onboard OS with a DIP switch seems like a good idea. You could even load a second BIOS with the solid read-only OS onboard.

    I think some vintage machines had DOS onboard once upon a time, but if it worked like this somebody would have made it at this point.

    1. An_Old_Dog Silver badge
      Windows

      Securing the Entire System

      First of all, if it is truly Read-Only Memory, it can't be infected once it's burned.

      If you're talking about Electrically-Erasable Read-Only Memory -- which obviously is a contradiction in terms, but people misname things as they will -- there were (and perhaps still are) motherboards which required a jumper or a DIP switch change before the BIOS EEPROM could be flashed. To do this in turn requires physical access.

      The problem is it is not just the motherboard BIOS EEPROM which needs to be secured. It's also securing:

      * the EEPROMs for the computers in the hard drives/SSDs;

      * the EEPROMs for the computers in the Ethernet interfaces;

      * the EEPROMs for the computer in the keyboard;

      * the EEPROMs for the computers in the flat-panel displays;

      * the EEPROMs for the computers in the WiFi interface;

      * the EEPROMs for the computers in the USB hubs inside your computer ... and probably some more I didn't think of.

  15. Uncle Ron

    Only a Matter of Time

    I certainly knew this was coming. Only a matter of time. The only surprise is that it took so long. I knew it would take the miscreants a nano-second to bypass all the Windows 11 roadblocks and make all those new PC buyers feel like fools. I'm sure MS knew it too. But it was too good an opportunity to give them and their PC mfg partners a big boost in sales, and a chance to re-engineer Windows with all sorts of data-collection capability to sell. There is now NO benefit to move to 11. It is nothing more than Windows 10 with more sensors and collectors and transmitters. When support for 10 goes away, I'm going away too. Either Linux Mint or Zorin OS. What I'm seeing so far in my sandbox is sparkling. And NONE of this "This PC doesn't meet the minimum requirements..." BS.

  16. bpfh

    Blast from the past

    I remember in the early 90's rebooting one PC in the high school computer room would randomly display "your computer is now stoned". I initially thought it to be a bit strange, before I learned about viruses, especially boot sector ones. So... they are back again!

  17. Anonymous Coward

    So how do we get the vendor fixes?

    UEFI updates were somewhat forthcoming with SPECTRE/microcode but it seems some vendors are a little more "relaxed" about this again. How do you know if your UEFI is vulnerable?

    Plus, when you DM the vendor support and they say "why do you need this update?" and you have to point them continually at CVE's you do wonder about the definition of 'support'....

    I guess there is no way of making use of the UEFI Revocation list binary unless you have the correct firmware tools?
