Summarize

Simplifying... Inshort

A newly discovered vulnerability, found by Binarly, affects over 200 PC models from big tech brands like Acer, Dell, and Intel, allowing hackers to bypass Secure Boot and load harmful firmware.
This issue, linked to supply chain failures and poor key management, has raised concerns about Microsoft's Secure Boot requirement for Windows 11.
Binarly advises checking for firmware patches and urges vendors to follow best practices for cryptographic key management.

Was a long read? Making it simpler...

Next Article

Secure Boot security standard has been compromised by PKfail

New vulnerability affects over 200 PC models from major brands

By Akash Pandey

Jul 29, 2024

12:58 pm

What's the story

A new vulnerability, known as PKfail, has compromised Secure Boot, a security standard developed by the PC industry. Cybersecurity firm Binarly reported that this breach, caused by a leaked cryptographic key, has affected over 200 product models from several major brands. The leak originated from an employee who accidentally posted source code containing the encrypted platform key for Secure Boot on a public GitHub repo in late 2022. The code was protected with a 4-character password that was easily cracked.

Brands affected

Dell and Intel among brands impacted by the breach

The compromised platform key, discovered by Binarly in January 2023, was found to be reused across hundreds of product lines from major tech brands such as Acer, Dell, Gigabyte, Intel, and Supermicro. The vulnerability affects both x86 and Arm devices. This breach allows malicious actors to bypass Secure Boot by signing malicious code and loading harmful firmware implants like BlackLotus.

Windows 11 security

Microsoft's Secure Boot requirement raises concerns

Microsoft's decision to make Secure Boot a requirement for Windows 11 has sparked concerns in light of these findings. The company has been advocating this technology for years to protect systems against BIOS rootkits. Binarly's analysis of UEFI firmware images dating back to 2012 revealed that over 10% were impacted by using these untrusted keys instead of manufacturer-generated secure ones as intended. In the past four years alone, 8% of firmware still had this issue.

Vendor missteps

Supply chain failures exposed

The incident has exposed significant supply chain failures and highlighted how some vendors have mishandled critical platform security. Issues include reusing the same keys across consumer and enterprise device lines, shipping products with non-production cryptographic material, and failing to rotate keys regularly. Binarly pointed out these security problems related to device supply chain security that led to this breach.

Security recommendations

Binarly advises on mitigating Secure Boot vulnerability

Binarly urges device owners and IT administrators to check if their equipment is listed in their vulnerability advisory and promptly apply any related firmware patches from their vendor. The firm also recommends that device vendors follow best practices for cryptographic key management, such as using Hardware Security Modules, and replace any test keys provided with securely generated keys.