Billions of Devices Impacted by Secure Boot Bypass
New research shows that billions of Windows and Linux devices are vulnerable to cyberattacks that exploit a bug in the GRUB2 bootloader, which security experts have named the “BootHole” bug. Exploitation of the bug could lead to malware infection and information theft, and could allow attackers to move laterally into corporate, OT, IoT, and home networks.
Secure Boot is a well-known industry standard that requires devices to ensure that they run only trusted software. When a computer powers on, the device’s firmware checks the signatures of programs running on the device. If the signatures can be authorized, the computer will start up and the firmware will transfer control to the operating system. However, the BootHole bug would allow attackers to circumvent these protections and execute arbitrary code during the boot process.