28 C
Mumbai
Monday, August 10, 2020
Tel: 8850717892

BootHole Bug Impacts Billions Of Devices

Home Security Awareness BootHole Bug Impacts Billions Of Devices
- Advertisement -

Must Read

Learnings from the Past: A tale of Indigenous Architecture and Sustainability

As much as we move ahead with time and technology, there is also a part of the past that...

7 Innovative Structures made from Recycled materials

Sustainability design has a wide spectrum of applicability. Beyond the typical materials like plastic and glass that are widely...

Human Centric Design

Architecture has a psychological effect on every human being, it could be both negative or positive. Due to a...
Ayush Dubey
Ayush Dubeyhttps://ayush7ad6.wordpress.com/
Ayush Dubey is an engineering student from IIIT Jabalpur. He has a comprehensive background in technology. Cybersecurity being his primary field of interest. He loves to meet people who are always in a hustle to learn new things. Currently, working as a writer at Blarrow Online Services Pvt. Ltd.
Cyber attacks are of two types: one in which crooks use advanced techniques to tamper with the systems and the other is when a service reaches the consumers with an innate vulnerability and attackers leverages that bug. Recently, the researchers have traced a vulnerability in the GRUB2 bootloader present in most of the Linux and Windows devices, affecting billions of devices including IoT gadgetry. The BootHole Bug can let attackers steal information and move laterally in the networks.

GRUB2 Bootloader

GRUB2 is an abbreviation for Grand Unified Bootloader version 2. The function of this bootloader is to manage the startup process and transferring control over to the operating system kernel from the firmware. The bootloader comes default in most of the Linux-based and Windows-based devices.

Booting Process
Booting Process

The Windows devices using Secure Boot with Microsoft’s standard Unified Extensible Firmware Interface (UEFI) certificate authority checks the integrity of the codes in the EFI applications using cryptographic signatures during the booting process. The UEFI checks every bit of the firmware and software before gearing the control to the operating system.
The UEFI is the industry standard and uses GRUB2 bootloader in laptops and desktops.
Billions of users around the globe are under the threat of cyber attacks stemming from the BootHole bug.

Shim is the initial bootloader
Shim is the initial bootloader

According to Eclypsium researchers, the bug tracked as CVE-2020-10713 could allow attackers to get around these protections and execute arbitrary code during the boot-up process, even when Secure Boot is enabled and properly performing signature verification.

BootHole Bug

Researchers dubbed it as “boothole” because it renders a hole in the booting process. It is a buffer overflow vulnerability about how GRUB2 parses the config file (grub.cfg) and enables an attacker to execute arbitrary code and gain control over the booting of the operating system.
This vulnerability was assigned CVE-2020-10713 “GRUB2: crafted grub.cfg file can lead to arbitrary code execution during boot process” with a CVSS rating of 8.2 (High) / CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
The GRUB is a text file which is not signed like other files and executables. This configuration file is stored in the EFI system partition. And attackers can execute arbitrary codes in the file and gaining control on the booting process. This can let attackers alter the content of the file, inject malware, manipulate the boot process, directly patch the OS kernel, and employ any number of nefarious activities.
Furthermore, the boothole bug can let attackers run the attack code before loading of the operating system, bypassing the signature verification. This helps attackers in gaining persistence and ‘near-total control’ on the device.
The affected parties (the list is not complete as the investigation is still ongoing):
  • Microsoft
  • UEFI Security Response Team (USRT)
  • Oracle
  • Red Hat (Fedora and RHEL)
  • Canonical (Ubuntu)
  • SuSE (SLES and openSUSE)
  • Debian
  • Citrix
  • VMware
  • Various OEMs

Impact

The Boot Hole vulnerability can be leveraged by the attackers to install crooked boot kits or malicious bootloaders that operate even when Secure Boot is enabled and functioning correctly.
This can ensure attacker code runs before the operating system and can allow the attacker to control how the operating system is loaded, directly patch the operating system, or even direct the bootloader to alternate OS images. It gives the attacker virtually unlimited control over the victim device.
All signed versions of the GRUB2 bootloader present in every Linux distribution is vulnerable. Apart from the Linux based machines, devices using the Secure Boot with the standard Microsoft UEFI CA is vulnerable to this issue too.
The modern devices present today including servers and workstations, laptops and desktops, and a large number of Linux-based OT and IoT systems, are potentially affected by the vulnerability.

Mitigation

  • Vendors need to release new versions of bootloaders shims and installers for Linux and Microsoft, signed by the Microsoft 3rd Party UEFI CA. This means that every device that trusts the Microsoft 3rd Party UEFI CA will be vulnerable for that period of time.
  • The affected organisations have to update their operating system as well as installer images.
  • More importantly, UEFI revocation list (dbx) needs to be updated in the firmware of each affected system to prevent running this vulnerable code during boot.
The good news is that the attackers need to have physical access to the system or should have administrator privileges to exploit this vulnerability. But if a system is already infected with malware then threat actors can exploit BootHole bug and gain escalation of privileges.
Previous articleArchitecture Photography
Next articleGreen Buildings
- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Human Centric Design

Architecture has a psychological effect on every human being, it could be both negative or positive. Due to a...
- Advertisement -

BadPower Attack: Your Smartphone May Explode While Charging

Recently, Chinese researchers have discovered rather a queer way to literally ‘destroy’ your smartphone through the mobile charger. This attack is known as the...

Learnings from the Past: A tale of Indigenous Architecture and Sustainability

As much as we move ahead with time and technology, there is also a part of the past that helps us learn new things....

TrickBot Anchor Malware Now Targets Linux Systems

Backdoor implementation is enhancing in every aspect. Cyber groups are employing techniques to execute malicious activities in the host system along with establishing persistence....

Rock of Ages 3: Make and Break Review

INTRODUCTION:- ROCK OF AGES 3: MAKE AND BREAK a Tower defence, racing type of video game played in single-player and multiplayer game mode. ROCK OF...

More Articles Like This

- Advertisement -