New UEFI bootkit targeting Linux



It's worth noting that Bootkitty is signed by a self-signed certificate, and therefore cannot be executed on systems with UEFI Secure Boot enabled unless an attacker-controlled certificate has already been installed.

So, I'm not going to worry about it. This isn't a reason to not use secure boot, as it's even easier to do this sort of stuff with legacy BIOS systems.
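The Secure Boot condition quoted above (a self-signed bootkit only runs if an attacker-controlled certificate has been enrolled) is something a defender can check locally. The following is an added example, not code from this thread or from ESET: it parses the EFI_SIGNATURE_LIST chain that makes up the Secure Boot db variable so the enrolled certificates and hashes can be reviewed for anything unexpected. The efivarfs path and variable GUIDs are the standard ones from the UEFI specification; the sample db content is constructed.

```python
import struct
import uuid
from pathlib import Path

# Signature-type GUIDs from the UEFI spec; other types are reported by raw GUID.
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPES = {X509_GUID: "X509", SHA256_GUID: "SHA256"}
EFIVARS = Path("/sys/firmware/efi/efivars")
SECURE_BOOT_VAR = "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
DB_VAR = "db-d719b2cb-3a45-4d6c-bd0e-2e5b13b1b7e9"

def parse_signature_lists(data):
    """Walk the EFI_SIGNATURE_LIST chain of db/dbx -> [(type, owner_guid, payload)]."""
    entries, off = [], 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:  # each EFI_SIGNATURE_DATA = owner GUID + payload
            owner = str(uuid.UUID(bytes_le=data[pos:pos + 16]))
            entries.append((SIG_TYPES.get(sig_type, str(sig_type)), owner,
                            data[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries

def build_signature_list(sig_type, owner, blobs):
    """Pack equally sized payloads into one EFI_SIGNATURE_LIST (used for sample data)."""
    body = b"".join(owner.bytes_le + b for b in blobs)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + len(blobs[0])) + body

def read_efivar(name):
    """efivarfs prefixes every variable with 4 attribute bytes; return the payload only."""
    return (EFIVARS / name).read_bytes()[4:]

def secure_boot_enabled():
    """True/False from the SecureBoot variable; None when not booted via UEFI."""
    try:
        return read_efivar(SECURE_BOOT_VAR)[:1] == b"\x01"
    except OSError:
        return None

def sample_db():
    """Constructed stand-in for db: one X509 entry plus two SHA256 hash entries."""
    owner = uuid.UUID("00000000-0000-0000-0000-0000000000aa")  # made-up owner GUID
    return (build_signature_list(X509_GUID, owner, [b"DER-ENCODED-CERT-PLACEHOLDER"])
            + build_signature_list(SHA256_GUID, owner, [bytes(32), bytes([1]) * 32]))
```

On a UEFI system, `parse_signature_lists(read_efivar(DB_VAR))` lists what the firmware will currently trust, and `secure_boot_enabled()` reports whether enforcement is on; an X509 entry whose owner or certificate you do not recognise is the thing to investigate.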
 
Something else not to worry about.
 
Personally I'd have been in favour of merging this post with the other one:

https://www.linux.org/threads/new-uefi-bootkit-targeting-linux.54084/
New UEFI bootkit targeting Linux (2024-Nov-27)

In any case I think if you read the article it's quite noticeable that it mentioned a prerequisite which reminds me of a chicken & egg problem...

Good work finding the weakness, now another inventive mind will start looking at solutions to integrate into some future updates. That's called evolution and this is one great quality of Linux, not to remain static like DOS 7.1 since Y2K or so, even 8 if one must push it! In comparison GRUB4DOS with its mutation to GRUB2 has been exemplary and the UEFI multiboot capability with it, just give it time before dreaming that we're all forced to retrograde to 'LILO'...
 
And thus.....another 'industry' will be born

As ESET notes, the discovery is nonetheless significant because it demonstrates someone—most likely a malicious threat actor—is pouring resources and considerable know-how into creating working UEFI bootkits for Linux. Currently, there are few simple ways for people to check the integrity of the UEFI running on either Windows or Linux devices. The demand for these sorts of defenses will likely grow in the coming years.

It will come....it is not a question of IF...it is a question of When
 
...another 'industry' will be born
...
The demand for these sorts of defenses will likely grow in the coming years.

I can't help but notice my reply got erased somehow, so I must repeat it.

There already is « Premium » Linux right now and hence I'm even more curious about the opinion of those users who actually paid for their extra feature(s), only to realize the security fix(es) ain't going to be available until we all get it, still for free I presume...
 
Hmm, this is not really UEFI if it needs a disk. In such a case it is not "unkillable" either.
 
IMO the adjective "unkillable" should at least imply this "BootKit" is active or "alive" in the 1st place, the catch being that according to the article submitted by Trenix25 such intrusive 'BootKitty' actually needs some pre-installed « attacker-controlled » certificate to exploit its claws... In other words the security flaw has to come from elsewhere and in that case I now see two motivational opportunities to investigate, fix and make perfect. Just hoping it won't take 25+ years!

o_O
 
