More than 25 Lenovo laptop models are vulnerable to malicious attacks that disable the UEFI Secure Boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor devices.
At the same time that researchers from the security company ESET revealed the vulnerabilities, the laptop maker released security updates for 25 models, including ThinkPads, Yoga Slims and IdeaPads. Vulnerabilities that undermine UEFI Secure Boot are serious because they allow attackers to install malicious firmware that survives operating system reinstallations.
The Unified Extensible Firmware Interface, or UEFI, is the software that bridges a computer's firmware with its operating system. As the first piece of code that runs when a computer starts up, it is the first link in the security chain. Because UEFI resides on a flash chip on the motherboard, infections are very difficult to detect and remove.
Standard measures such as a hard disk format and reinstallation of the operating system do not help, because the infected UEFI will re-infect the computer when it starts.
ESET said the security vulnerabilities CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432 allow UEFI Secure Boot to be disabled or the Secure Boot databases (including dbx) to be reset to their factory default settings. Secure Boot uses databases for its allow and deny mechanisms. The dbx database, in particular, stores cryptographic hashes of denied keys.
Disabling or resetting databases to default values allows an attacker to override restrictions that would normally apply.
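A defender can check for both outcomes described above by reading the firmware variables that Linux exposes through efivarfs. The following is an added example, not code from ESET or Lenovo: it parses the dbx signature lists and reports when Secure Boot is off or when revocations from a known-good baseline are missing. The baseline set, helper names and sample hashes are constructed for illustration.

```python
import hashlib
import struct
import uuid

# Linux efivarfs names (under /sys/firmware/efi/efivars/); each file starts with 4 attribute bytes.
SECURE_BOOT_VAR = "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
DBX_VAR = "dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def parse_dbx(raw):
    """Return the SHA-256 revocation hashes (hex) held in raw efivarfs dbx contents."""
    data, hashes, off = raw[4:], set(), 0
    while off + 28 <= len(data):  # 28-byte EFI_SIGNATURE_LIST header
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or sig_size <= 16 or off + list_size > len(data):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:  # each entry: 16-byte owner GUID + data
            if sig_type == EFI_CERT_SHA256:
                hashes.add(data[pos + 16:pos + sig_size].hex())
            pos += sig_size
        off = end
    return hashes

def audit(secure_boot_raw, dbx_raw, baseline):
    """Compare firmware state with a known-good baseline set of dbx hashes."""
    findings = []
    if len(secure_boot_raw) < 5 or secure_boot_raw[4] != 1:
        findings.append("Secure Boot is disabled")
    missing = baseline - parse_dbx(dbx_raw)
    if missing:
        findings.append(f"dbx lacks {len(missing)} baseline revocation(s)")
    return findings

def make_dbx(digests):
    """Build a constructed dbx blob (sample data, not real revocations)."""
    body = b"".join(bytes(16) + d for d in digests)
    header = EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(body), 0, 48)
    return struct.pack("<I", 0x27) + header + body

# Constructed sample: two made-up revocation hashes form the baseline.
SAMPLE = [hashlib.sha256(s).digest() for s in (b"revoked-loader-a", b"revoked-loader-b")]
BASELINE = {d.hex() for d in SAMPLE}
SB_ON = struct.pack("<I", 0x06) + b"\x01"
SB_OFF = struct.pack("<I", 0x06) + b"\x00"

if __name__ == "__main__":
    print(audit(SB_ON, make_dbx(SAMPLE), BASELINE))       # healthy
    print(audit(SB_OFF, make_dbx(SAMPLE[:1]), BASELINE))  # disabled + dbx rolled back
```

On a live system, pass the bytes read from the two efivarfs files instead of the constructed blobs, with a baseline taken from the same machine after the vendor firmware update is applied.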