Vista Security Bypassed

Bootkit gives complete control

SecurityFocus has published an interview with two Indian graduates who claim to have developed a new way of attacking Windows Vista.

Cyber Security DE:CODED podcast
Listen to the Cyber Security DE:CODED podcast.

Essentially, they have found a way to introduce potentially harmful program code to a Vista PC. They bypass all of the available protection and tunnel into the kernel.

This gives the program virtually complete control of the system.

The code loads as the system boots from a CD, flash drive or other media. Removing this media and rebooting the system also removes the program.

The researchers claim that the so-called bootkit leaves no trace. It does not place any files on the hard disk.

Vista is most secure version of Windows?

Vista Security Bypassed
Hacking a PC with a flash drive

Windows Vista is supposed to be the most secure version of Windows available to the general public. That’s probably true, but don’t think that means it is impenetrable. Researchers have found a few loopholes in this operating system’s protection already. Vista has only been available for four months.

That said, the bootkit attack relies on the attacker having physical access to the target PC. This starts to become a physical security issue rather than an operating system one. A long time ago Microsoft published an article called 10 Immutable Laws of Security, which discusses security problems that affect all computers, not just Windows ones. The one to note in this case is:

Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore

Having physical access means he could damage or penetrate your computer in a number of ways, ranging from a low-tech denial of service attack (“smash your computer with a sledgehammer”) to stealing a copy of your password files for decryption at his leisure.

Quick and easy access

Attackers can use the new bootkit technique to attack a PC very quickly. You could just wander past a PC, plug in a flash drive and press the computer’s reset button to infect it. However, you’d probably want to whip the flash drive out again, fast, before innocently walking away from the PC. And should its user reboot for any reason, your efforts may have been in vain.

Leave a Reply