Security researchers Vipin Kumar and Nitin Kumar announced at the Hack in the Box security conference that they have uncovered a design problem in Windows 7, allowing them to hack right into the operating system. The hackers claim that they can gain control of a Windows 7 computer during the boot-up process using a 3KB program called VBootKit 2.0. It works by allowing hackers to change system files loaded into the system memory. The hack is extremely hard to detect since no hard drive files are ever touched. Once implemented, hackers can change passwords, access files, and basically do whatever they like without leaving a trace. Fortunately for users, this hack cannot be done remotely and requires physical access to a PC.
This isn’t the first design problem Windows 7 has had. Earlier during the development phase, Long Zheng uncovered a UAC design flaw. At first, Microsoft dismissed the security issue but later apologized for its initial reaction and fixed it in later builds. How will Microsoft respond this time?
[Via Electronista]
This is a non-issue. If the hacker has to have physical access to the PC then this hack won’t spread. If you don’t have physical security you don’t have any security.
-TCS
MSCE, MCT, MCITP, EIEIO
Hear hear: any system is vulnerable when a “hacker” has physical access to the system. So, move along, nothing to see here.
I agree with TCS that this is really meaningless. Most people do not even password protect their PC.
Other than a case door with a lock built in no one has any type of physical protection for their PC. I have locked my case a few times when I knew I was going to have work done in my apartment, but not often.
Besides, Linux Live CDs have been used for this type of hacking for years.
If you somehow can’t protect your computer physically, set a BIOS password to lock people out before booting the OS.
I only have to unplug the AC cable and remove your BIOS battery for 10 mins and the BIOS settings are reset. Indeed, with physical access to a PC, except for notebooks where resetting the BIOS can be tricky, there is no real security.
That’s a good idea and in some instances that makes sense, but how many users access the BIOS? I tweak my system in every way, other than overclocking, kill a few CPU and GPU’s.
The majority of users do not know how to do these things, and security to them is turning off the PC.
And if it’s a laptop, hopefully they’ll carry it around with them or lock it up somewhere. It’s a whole new issue if a desktop was hacked into using the above method. Now we have home/office security issues that need to be dealt with first.
Have you considered PC or laptop theft? How about corporate security? People think corporations have strong security, but in my experience, corporate security is through obscurity, speaking of a particular outsourced company that deals with Comcast.
BIOS password? What if you take the battery out of the motherboard?… great security…
If you are away from your computer long enough for someone to unscrew everything, take out the battery and rescrew it back on, you shouldn’t be trusted with a corporate laptop or a personal laptop for that matter. I’d think people would also notice that their system clock just got jacked with. I’m sure other OSes can be taken over in this manner too.
The problem here Geo is that you must realize that the average person does not consider these things till they have a laptop, workstation or portable hard drive stolen or hacked into.
You, I and the other users on this site have above average knowledge of PCs and OSes.
As long as it turns on and they can do things they need it to do, that’s all that matters.
I fix PCs for friends and family and most of the time they do not even have a firewall running and the antivirus subscription has expired by a few years.
You expect too much from the basic user.
Lack of security software is understandable and I don’t expect everyone to have it. Not keeping your eye on your own computer is not. Why would you leave your laptop unattended where a hacker can get physical access and steal information? Remember this hack only works if the hacker has your laptop in his or her hands. Now a smart hacker would steal the laptop or somehow work really fast. Common sense would tell you that the laptop could get stolen. And if someone holds you at gunpoint for it, well it’s your life versus the data on the laptop.
It is true that you would have to have physical control of the system for the hack and that would take it to a higher criminal level.
But people do walk away from their laptops in cafes and airports all the time.
As I stated earlier though, this is a really meaningless hack and could be done by the newest of newbies.
How about laptop on a leash?
Now laptop on a leash isn’t a bad idea except the laptop might get a little scratched and if you don’t walk it every day, it will be angry. Perhaps wheels on the laptop will solve the scratch problem but now it can roll away. What about laptop bag on a leash? Hey, the bag can have wheels with generators that can recharge the laptop while you roll. Just like how you charge those one laptop per child laptops.
Protecting against these types of hacks (especially for laptops) is exactly what BitLocker is all about – and, as the TPM hardware is designed to stop interception attacks (my understanding at least) this sort of injection attack would also be protected through the use of BitLocker.
I would like to see BitLocker standard for all versions of Win7 or at least as an add-on.
Maybe even a free BitLocker Lite version with simpler and faster encryption.
You bet your ass it’s an issue. What about loading this type of stuff at an internet cafe to steal passwords etc.?
The owner of the Internet café probably isn’t your average user and likely will have BIOS passwords and other monitoring software/system resetting software to prevent such an attack. That said, accidents can happen. But I’m sure Internet cafés already have some security against this. A Linux live CD can do some hacking too so I’m sure this isn’t the first time cafés have heard of this kind of threat.
So… if this 3KB file is all that’s needed… wouldn’t it make sense for someone to slip this into a release? Hope I’m not giving anyone ideas, but I stumbled onto this topic after reading about an RC leak of Windows 7 being torrented around the world… anyone check those files out to see if said 3KB file’s hidden in with the rest of that 2.4GB ISO?
Doubt it. This file probably needs to be executed on a machine with the OS unpacked and installed. It probably can’t be slipstreamed. If it was, the leak would fail the md5 integrity check and the sha1 integrity check.
The hack is done just before the OS boots, not during installation, and it would more likely be done using a thumb drive.
Jirnsum is absolutely right.