Wednesday, October 21, 2020

BootHole Bug Impacts Billions Of Devices

Ayush Dubey (https://ayush7ad6.wordpress.com/)
Ayush Dubey is an engineering student from IIIT Jabalpur. He has a comprehensive background in technology, with cybersecurity being his primary field of interest. He loves to meet people who are always in a hustle to learn new things.
Cyber attacks are of two types: one in which crooks use advanced techniques to tamper with systems, and the other in which a service reaches consumers with an innate vulnerability and attackers leverage that bug. Recently, researchers found a vulnerability in the GRUB2 bootloader present in most Linux and Windows devices, affecting billions of devices including IoT gadgetry. The BootHole bug can let attackers steal information and move laterally in networks.

GRUB2 Bootloader

GRUB2 stands for Grand Unified Bootloader version 2. This bootloader manages the startup process and transfers control from the firmware to the operating system kernel. It comes by default in most Linux-based and Windows-based devices.

Booting Process

Windows devices using Secure Boot with Microsoft’s standard Unified Extensible Firmware Interface (UEFI) certificate authority check the integrity of the code in EFI applications using cryptographic signatures during the booting process. UEFI checks every piece of firmware and software before handing control to the operating system.
UEFI is the industry standard and uses the GRUB2 bootloader in laptops and desktops.
Billions of users around the globe are under threat of cyber attacks stemming from the BootHole bug.

Shim is the initial bootloader

According to Eclypsium researchers, the bug tracked as CVE-2020-10713 could allow attackers to get around these protections and execute arbitrary code during the boot-up process, even when Secure Boot is enabled and properly performing signature verification.

BootHole Bug

Researchers dubbed it “BootHole” because it opens a hole in the booting process. It is a buffer overflow vulnerability in how GRUB2 parses its config file (grub.cfg), and it enables an attacker to execute arbitrary code and gain control over the booting of the operating system.
This vulnerability was assigned CVE-2020-10713 “GRUB2: crafted grub.cfg file can lead to arbitrary code execution during boot process” with a CVSS rating of 8.2 (High) / CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
The GRUB2 configuration file is a text file that, unlike other files and executables, is not signed. It is stored in the EFI system partition. Attackers who can alter this file can execute arbitrary code and gain control of the booting process. This can let attackers alter the content of the file, inject malware, manipulate the boot process, directly patch the OS kernel, and carry out any number of other nefarious activities.
Furthermore, the BootHole bug can let attackers run attack code before the operating system loads, bypassing signature verification. This helps attackers gain persistence and ‘near-total control’ of the device.
The affected parties (the list is not complete as the investigation is still ongoing):
  • Microsoft
  • UEFI Security Response Team (USRT)
  • Oracle
  • Red Hat (Fedora and RHEL)
  • Canonical (Ubuntu)
  • SuSE (SLES and openSUSE)
  • Debian
  • Citrix
  • VMware
  • Various OEMs

Impact

The BootHole vulnerability can be leveraged by attackers to install malicious bootkits or malicious bootloaders that operate even when Secure Boot is enabled and functioning correctly.
This ensures that attacker code runs before the operating system and can allow the attacker to control how the operating system is loaded, directly patch the operating system, or even direct the bootloader to alternate OS images. It gives the attacker virtually unlimited control over the victim device.
All signed versions of the GRUB2 bootloader present in every Linux distribution are vulnerable. Apart from Linux-based machines, devices using Secure Boot with the standard Microsoft UEFI CA are vulnerable to this issue too.
Modern devices, including servers and workstations, laptops and desktops, and a large number of Linux-based OT and IoT systems, are potentially affected by the vulnerability.

Mitigation

  • Vendors need to release new versions of bootloaders, shims and installers for Linux and Microsoft, signed by the Microsoft 3rd Party UEFI CA. This means that every device that trusts the Microsoft 3rd Party UEFI CA will be vulnerable for that period of time.
  • The affected organisations have to update their operating systems as well as their installer images.
  • More importantly, the UEFI revocation list (dbx) needs to be updated in the firmware of each affected system to prevent this vulnerable code from running during boot.
The good news is that attackers need physical access to the system or administrator privileges to exploit this vulnerability. But if a system is already infected with malware, threat actors can exploit the BootHole bug to escalate privileges.
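To check whether a given bootloader digest is already in a system's dbx, the revocation list can be parsed directly. This added example (not from the original article) decodes the UEFI EFI_SIGNATURE_LIST layout and runs on a constructed sample blob; the digests are made up, and the helper names are illustrative.

```python
import hashlib
import struct
import uuid

EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def parse_dbx(blob, efivarfs=False):
    """Return (set of revoked SHA-256 hex digests, count of revoked X.509 certs)."""
    if efivarfs:
        blob = blob[4:]  # efivarfs prepends 4 bytes of variable attributes
    hashes, certs, off = set(), 0, 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        body = blob[off + 28 + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature array is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            data = body[i + 16:i + sig_size]  # skip the 16-byte SignatureOwner GUID
            if sig_type == EFI_CERT_SHA256:
                hashes.add(data.hex())
            elif sig_type == EFI_CERT_X509:
                certs += 1
        off += list_size
    return hashes, certs

def is_revoked(digest_hex, blob):
    # dbx SHA-256 entries are Authenticode (PE image) digests, not plain file hashes.
    return digest_hex.lower() in parse_dbx(blob, efivarfs=True)[0]

def build_siglist(sig_type, payloads):
    """Build one list for the constructed sample (all payloads the same length)."""
    body = b"".join(uuid.UUID(int=0).bytes_le + p for p in payloads)
    sizes = struct.pack("<III", 28 + len(body), 0, 16 + len(payloads[0]))
    return sig_type.bytes_le + sizes + body

# Constructed sample data: not real revocation entries.
REVOKED = hashlib.sha256(b"constructed-vulnerable-bootloader").digest()
OTHER = hashlib.sha256(b"constructed-other-image").digest()
SAMPLE_DBX = (b"\x27\x00\x00\x00"
              + build_siglist(EFI_CERT_SHA256, [REVOKED, OTHER])
              + build_siglist(EFI_CERT_X509, [b"\x30\x82" + bytes(30)]))
```

On a Linux system booted via UEFI, the live variable can be read from `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` and passed to `parse_dbx(data, efivarfs=True)`.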