Hacker breaks Windows 8 Secure Boot

Stewart Mitchell | Nov 21, 2011 10:55 AM
Bootkit to be unveiled at international malware conference.

An Austrian hacker claims to have written a bootkit that circumvents a key security feature in Windows 8.

Peter Kleissner, a programmer and security researcher with a history of finding exploits, said he would reveal details of the attack that bypassed Microsoft’s Secure Boot feature at the international malware conference MalCon later this month.

Kleissner previously designed the Stoned Rootkit that can control systems by using a compromised boot loader to intercept encryption keys and passwords in Windows machines.

The researcher claims Stoned Lite could compromise Windows 8, despite Microsoft’s efforts to block bootkit attacks with Secure Boot.

“Stoned Lite's infector is just 14KB in size, including driver and bootkit attacking [Windows] 2000 to 8. Bootkit can be started from USB/CD,” Kleissner said on his Twitter feed.

The researcher said the bootkit didn’t attack the Unified Extensible Firmware Interface that will replace BIOS in Windows 8 and is intended to prevent malware being loaded into the system during boot up, and instead relies on older code in the OS.

“It's not attacking UEFI or Secure Boot, right now it's working with the legacy BIOS only,” Kleissner said.