Scope of this presentation We present a new class of vulnerabilities, Affecting multiple pre-boot authentication software under x86 and 圆4 architectures, Exploitable without physical access.
Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer (practical low level attacks against x86 pre-boot authentication software) Other related work include information leakage from CPU caches, reading physical memory thanks to firewire and switching CPU modes.
#Defcon authentication key full
In a second part, we will present how this information leakage combined with usage of the BIOS API without careful initialization of the BIOS keyboard buffer can lead to computer reboot without console access and full security bypass of the pre-boot authentication pin if an attacker has enough privileges to modify the bootloader. Unlike current academic research aiming at extracting information from the RAM, our practical methodology does not require any physical access to the computer to extract plain text passwords from the physical memory. In this article, we first present a detailed analysis of this new class of vulnerability and generic exploits for Windows and Unix platforms under x86 architectures. Therefore, any user input including plain text passwords remains in memory at a given physical location. Because Pre-boot authentication software programmers commonly make wrong assumptions about the inner workings of the BIOS interruptions responsible for handling keyboard input, they typically use the BIOS API without flushing or initializing the BIOS internal keyboard buffer. In this paper, we present a new class of vulnerability affecting multiple high value pre-boot authentication software, including the latest Microsoft disk encryption technology : Microsoft Vista's Bitlocker, with TPM chip enabled. Pre-boot authentication software, in particular full hard disk encryption software, play a key role in preventing information theft.
0 kommentar(er)
