MSI accidentally disables Secure Boot on hundreds of its motherboards:
One of the latest MSI UEFI updates accidentally disabled Secure Boot technology on hundreds of its motherboards, reports Bleeping Computer. As a consequence, over 290 motherboards for AMD and Intel processors can run insecure operating systems, which can be harmful.
MSI's firmware update version 7C02v3C released on January 18, 2022, comes with Image Execution Policy set to 'Always Execute' by default, which allows the PC to boot an operating system that lacks proper signature by its developer. This means that a computer can boot an OS that may have been tampered with, which is an insecure policy as the operating system may be infected or have malicious intent.
The discovery was recently made by Polish security researcher named Dawid Potocki. The researcher noted that he contacted MSI, but did not receive any response, which essentially means that so far the motherboard maker has not fixed its Secure Boot.
See article for a list of motherboard models.
(Score: 3, Informative) by Anonymous Coward on Saturday January 21 2023, @07:57AM (4 children)
How does secure boot prevent the evil maid from cloning the drives and/or secretly installing usb keyloggers, cameras, microphones[1] etc?
Sure it prevents booting up an unapproved/tampered OS. But the other attacks would be more likely. Why the heck would the evil maid bother tampering with the drive's system files when she could do so many other things?
If she was evil and wanted to tamper with the drives and they are unencrypted, she should tamper with the documents which could have far worse impacts. Secure boot doesn't prevent that from happening.
If the drives are all encrypted it would be safer for her to doing the other attacks than to tamper with the boot stuff - because someone who uses full drive encryption might be using other ways of detecting that the system files have been tampered with.
[1] https://www.newscientist.com/article/dn7996-keyboard-sounds-reveal-their-words/ [newscientist.com]
(Score: 3, Interesting) by RS3 on Saturday January 21 2023, @07:26PM
You and I and most here know all of that, but the point of FUD is to confound and confuse the non-technical who actually make technical decisions that get foisted on us poor techs who waste time spinning our wheels because UEFI and "secure boot" fight us tooth and nail when we're just trying to recover someone's broken computer. (yes, very recent experience with it)
(Score: 1, Informative) by shrewdsheep on Saturday January 21 2023, @09:40PM (2 children)
Secure boot forces an attacker to use an exploit of an authorized OS. Arguably, that makes attacks more difficult. Using a usb keylogger, for example, is non-trivial when secure boot is active. I do use secure boot when available (Linux) and I had to disable it when I needed to install an unsigned kernel module for a docking station. The authorization chain therefore includes drivers making everything hardware vetted territory.
(Score: 0) by Anonymous Coward on Tuesday January 24 2023, @02:42AM (1 child)
(Score: -1, Redundant) by Anonymous Coward on Tuesday January 24 2023, @01:26PM
Are you referring to Windows OS or third party malicious software?