This UEFI Malware Kills Computers When You Reboot

  • Published 28 Jan 2025

Comments • 582

  • @John-p6c5g
    @John-p6c5g 12 days ago +1042

    I feel like you missed a chance to say "Always check that your systems are up-to-date before someone else checks for you."

    • @xephael3485
      @xephael3485 12 days ago

      @John-p6c5g sadly many updates cause problems and even if you update every second of the day it won't matter a lot of the time! Many of these vulnerabilities are being discovered and hidden from the user.
      "Responsible Disclosure" is a bad joke. Full disclosure is what should occur when anyone finds a vulnerability if they want to do the responsible/ethical thing. There is nothing ethical about giving a software company time to fix software they screwed up in the first place when a user is vulnerable already! Users have just as much if not more rights to know about vulnerabilities as soon as they're discovered then the software manufacturer. Without that knowledge they cannot mitigate or decide what to do.

    • @commentaccount7880
      @commentaccount7880 12 days ago +32

      corny ahh john doe

    • @Xarros1
      @Xarros1 11 days ago

      😭

    • @Amipotsophspond
      @Amipotsophspond 11 days ago

      blindly updating instantly on auto, is how you end up with poison updates. auto updates are just Trojans from authoritative sources, why do think authoritative sources put out viruses and intentional vulnerabilities to make panic so you feel that need to update. it's better for every one if we all update at different times, that way we can recover from sleeper problems, hidden in updates.

    • @ANKUR--xoxo
      @ANKUR--xoxo 11 days ago

      😭😭😭

  • @mu11668B
    @mu11668B 12 days ago +350

    Windows 11: I am the most secure OS ever! TPM 2.0 is now a requirement!
    Also Windows 11: Enforces online login on admin account as it is the default and pulls even more third-party ads onto the unremovable web integration, significantly widening the attack surface.
    Microsoft has always been valuing money much more than security and claiming to be the opposite.

    • @r.g.c.3897
      @r.g.c.3897 11 days ago +23

      Just enter a nonsense email address and after around 6-10 times Windows will inform you there was an error and drop you to a local account creation screen. I see a lot of very complex solutions to get around the online account requirement but my way is simple and works every time.

    • @TheOneAndOnlyOuuo
      @TheOneAndOnlyOuuo 11 days ago

      @@r.g.c.3897 Takes a single command during installation to bypass the account requirement. Feature updates require a microsoft account though.

    • @CosmerenautNaydra
      @CosmerenautNaydra 11 days ago +14

      @@r.g.c.3897 I think MS closed that loophole sometime in 2024.

    • @Mojave_Ranger_NCR
      @Mojave_Ranger_NCR 11 days ago

      @@r.g.c.3897 Your way is awful. Before beginning setup, you simply press shift+f10, type and enter “oobe/bypassnro”, then proceed with setup and select “I don’t have internet”. That’s it, then you can do the local account properly.

    • @r.g.c.3897
      @r.g.c.3897 11 days ago +7

      @@CosmerenautNaydra The last install I did was at the beginning of December for my wife so it must have been at the very end of 2004 if that is the case because it still worked then.

  • @emmioglukant
    @emmioglukant 12 days ago +708

    Blindly trusting Microsoft,
    That can never go wrong

    • @karlgimmedatforfreemarx
      @karlgimmedatforfreemarx 12 days ago +18

      Don’t give a toss if I get my data back.
      It’s like linux users don’t have real jobs, the entire business world is microsoft. It isn’t changing soon when most people can’t figure their email addresses out.

    • @menjolno
      @menjolno 12 days ago

      just like blindly trusting the USA. During the vietnam war, the USA were the good guys because Cheeze Pizza 🧀🍕 was legal in the USA but not in the USSR. Now the USA changed to the bad side

    • @rumplstiltztinkerstein
      @rumplstiltztinkerstein 12 days ago +26

      Talking about Microsoft I just saw a video showing how Microsoft stores wi-fi passwords in plaintext. Ultimate security practices there.

    • @menjolno
      @menjolno 12 days ago +5

      it is just like how blindly trusting usa. During the vietnam war, Cheeze Pizza was legal in the us but not soviet union. I wished us were still the good guys.

    • @Rakanay_Official
      @Rakanay_Official 12 days ago +3

      Trust nobody!

  • @leonidas14775
    @leonidas14775 12 days ago +387

    I'm surprised more motherboard makers don't use a write-protect jumper like in the 90s. Dells I've used have a prompt in the UEFI that requires you to confirm you want permanent changes to the UEFI.

    • @xgui4-studios
      @xgui4-studios 12 days ago +166

      because by not having a jumper they can update your firmware without your consent ... so it gives Microsoft and OEMs more power

    • @j_stach
      @j_stach 11 days ago +27

      My chromebook has write-protect on the motherboard. You'd think it would be easy to include on more expensive hardware

    • @ashishpatel350
      @ashishpatel350 11 days ago +15

      @@xgui4-studios well yes but it makes it easier to update for the average user. the oem wanting to update drivers and firmware is important.

    • @RameshSutar-k3j
      @RameshSutar-k3j 11 days ago +1

      Hello, I'm EA Locum Kane from warhammer 40k, reality shifted and time traveled to setup FREEMÆSON guild, and lulzsec
      When Aurangzeb captured JahanShah he was all like DAYUM FREEMÆSON!!!!!

    • @sigmamale4147
      @sigmamale4147 10 days ago +6

      @@ashishpatel350 average users don't update their UEFI BIOS

  • @Syncopia
    @Syncopia 12 days ago +390

    Safe and secure has to be the best snake oil corpos have ever sold.

    • @Stszelec01
      @Stszelec01 12 days ago +30

      Safe and secure for their capital gains

    • @redbeard1891
      @redbeard1891 11 days ago +12

      I dunno, they made a lot out of 'safe and effective' as well lol.

    • @JPs-q1o
      @JPs-q1o 11 days ago +11

      You misunderstood. They didn't mean secure _for_ you, they meant secure _from_ you [having the freedom to run whatever OS you want].

    • @imgamerful
      @imgamerful 11 days ago +7

      Safe and Effective™

    • @aeureus
      @aeureus 7 days ago +1

      Lather up

  • @MrKornnugget
    @MrKornnugget 12 days ago +376

    It was better when it was just BIOS. Once they connected it to the OS, it was just a matter of time.

    • @xephael3485
      @xephael3485 12 days ago +105

      Yeah the closed source BIOS was bad enough but then Intel and MS monopoly pulled the UEFI crap nobody asked for.

    • @Shonicheck
      @Shonicheck 12 days ago +50

      @@xephael3485 yeah, uefi was a mistake. It is overengineered in all the wrong places, and different in all the wrong places. Edk2 (aka reference implementation of uefi) build system is convoluted, unnecessarily fragile and doesn't really provide enough value to justify it (and also has a few wrappers around it from a few vendors, i mean even intel, aka creator of this mess, "reference" images use their own wrapper around said build system, nuff said). Oh and did i mention that they use their own abi? Because they do! It's a steamy hot garbage even on the standard level, you can tell because there is virtually no implementation other than the reference one that covers more than a few separate things that they HAD to implement (like one in uboot, or say gnu-efi one). Haven't heard about anyone involved who said that they were AT LEAST neutral about it - everyone hates it...

    • @fluffsquirrel
      @fluffsquirrel 12 days ago +57

      *shareholders* : Make it look cool and do flashy stuff. That old BIOS looks boring.
      *Microsoft* : Nuff said!

    • @scottladner8249
      @scottladner8249 12 days ago +65

      Yep. When they first announced UEFI, my initial thought was how insecure this would ultimately prove. Took a little longer than I expected, but here we are.

    • @JPs-q1o
      @JPs-q1o 11 days ago +26

      This is why Microsoft should never have been the lead on replacing MBR.
      GRUB2 would have been infinitely better both in security _and_ functionality.

  • @SarafinaSummers
    @SarafinaSummers 8 days ago +15

    Instant sub for no annoying background music, no screaming, no nothing. Just funny, relatable explanations, simple, to the point videos about the topic (cybersecurity), I need. Thank you!

  • @nickjohnson410
    @nickjohnson410 12 days ago +298

    Temple OS looking better and better everyday.

    • @FlatBroke612
      @FlatBroke612 9 days ago +1

      RIP king Terry

    • @sylinashi8761
      @sylinashi8761 9 days ago +4

      Someone make Citadel OS.

    • @bradymeyer5941
      @bradymeyer5941 8 days ago +2

      This affects Temple OS too

  • @philadams9254
    @philadams9254 12 days ago +265

    2:34 wow, PHP has come a long way. Now it's in UEFI malware!

    • @ramboti6402
      @ramboti6402 12 days ago +10

      always has been

    • @RinceCochon
      @RinceCochon 12 days ago +22

      Malware launches a quiz when the computer boots, it's a cute attack :3

    • @novictim
      @novictim 12 days ago

      @@RinceCochon educational malware

    • @modables
      @modables 11 days ago +1

      ":3" 💔💔💔💔💔 @@RinceCochon

    • @iamwitchergeraltofrivia9670
      @iamwitchergeraltofrivia9670 11 days ago

      Hahahah buying BIOS update

  • @cherubin7th
    @cherubin7th 12 days ago +194

    Who secure boots the secure boot?

    • @xephael3485
      @xephael3485 12 days ago +41

      Not you... All of these companies and manufacturers are happy taking your control of things away.

    • @cherubin7th
      @cherubin7th 12 days ago +7

      @@xephael3485 True

    • @tablettablete186
      @tablettablete186 12 days ago +18

      Microsoft and Motherboard manufacturer not ironically
      Thus, why MS wants the pluton chip as well

    • @xephael3485
      @xephael3485 12 days ago

      @@tablettablete186 the wintel (Windows Intel) alliance is still strong! 😠. If you shop for a server or computer today you'll see Intel as being the leading option with Microsoft crap preloaded on almost everything!
      If you want a well-designed AMD laptop or server you basically still have to fight to get it even though it outperforms Intel! (Dell shows 28 Intel models in its server lineup to 12 AMD ones) I don't believe you can get money back from Microsoft by turning down their preloaded operating system. The Dell Pro 14 laptop doesn't allow you to deselect or keep it from being shipped with Windows 🪟
      And it's companies like Dell and Microsoft who are putting these preloaded secure boot keys into your bios

    • @luigicorciulo8190
      @luigicorciulo8190 12 days ago +1

      As far as I know, the cpu does that, usually in most desktop systems the root of trust comes from a trusted zone inside the cpu itself. On some systems you can use a third party tpm to bootstrap the secure boot.

  • @Ayoub_Awesat
    @Ayoub_Awesat 12 days ago +173

    They need their backdoors

    • @camelotenglishtuition6394
      @camelotenglishtuition6394 12 days ago +7

      ^^this

    • @aliveandwellinisrael2507
      @aliveandwellinisrael2507 12 days ago +31

      Don't worry, I'm sure the glowies have 10 more secure boot vulns to use, probably including a few remote tools for installing ones that aren't there by default

    • @xgui4-studios
      @xgui4-studios 12 days ago

      @@aliveandwellinisrael2507 yes, that's way more logical

    • @adamk.7177
      @adamk.7177 11 days ago +2

      @@aliveandwellinisrael2507 anyone that unironically calls someone a 'glowie' is a cringe little baby boy

    • @khadar47
      @khadar47 11 days ago

      @@adamk.7177 anyone that defends a glowie is a baby batter gargler and bootlicking tool

  • @RmFrZQ
    @RmFrZQ 12 days ago +140

    Secure Boot never was about security, it's about Planned Obsolescence.
    The only way to defeat UEFI malware is to sign UEFI firmware with your own CA and refuse anything signed by other CAs.

    • @BigDaddy-yp4mi
      @BigDaddy-yp4mi 11 days ago +9

      THIS

    • @JPs-q1o
      @JPs-q1o 11 days ago +12

      This is why Microsoft should never have been the lead on replacing MBR.
      GRUB2 would have been infinitely better both in security _and_ functionality.

    • @traveller23e
      @traveller23e 11 days ago +5

      Honestly a hardware-level pushbutton that needed to be held down during transfer of the new firmware would be fine. Obviously the system would need to be set up to detect partial firmware transfer so it didn't overwrite anything if you didn't hold the button down long enough, but that's about it.

    • @PersonausdemAll
      @PersonausdemAll 2 hours ago

      What's a CA?

  • @muhdiversity7409
    @muhdiversity7409 12 days ago +139

    Of course it's Microsoft. Please hand all your stuff to Microsoft so they can make sure it "works" properly.

    • @lavaos
      @lavaos 11 days ago +30

      pretty please let us add telemetry??? its uh, so we can make the software, uh, better! for the user!

    • @JPs-q1o
      @JPs-q1o 11 days ago +4

      This is why Microsoft should never have been the lead on replacing MBR.
      GRUB2 would have been infinitely better both in security _and_ functionality.

  • @Col_Panic
    @Col_Panic 12 days ago +64

    I remember back in like 2003, I was using SoulSeek and fell asleep while DLing stuff. I woke up to a message saying, "you're pawned mate, have fun after you reboot!", so I just unplugged my PC, not sure if they were full of crap or let the "reboot" bit slip when bragging. Nothing happened though

    • @namesurname4666
      @namesurname4666 11 days ago +5

      22 years later I'm still using soulseek and similar software 😅

  • @W33PING-VIK1NG
    @W33PING-VIK1NG 12 days ago +33

    Congrats on 700k by the way, you're doing god's work broski, all the best
    I've learnt more about computers from you than anyone else 🐐youtuber imo

  • @aladdin8623
    @aladdin8623 11 days ago +22

    And this is why we need debloated, minimalistic open source bootloaders.

    • @GYTCommnts
      @GYTCommnts 11 days ago +2

      EXACTLY!

    • @disquettepoppy
      @disquettepoppy 10 days ago +3

      there's coreboot
      (and you mean firmware)

  • @Schoolship.
    @Schoolship. 12 days ago +78

    I'm so happy the first two words in the video are "secure boot". It's like a big middle finger to billy boy and Microsoft. Well deserved!

    • @njs9401
      @njs9401 11 days ago +2

      wait what it's a microsoft thing? that explains the Linux problems then lol

    • @5555Jacker
      @5555Jacker 11 days ago

      @@njs9401 Pretty much. Microsoft's public key for Windows comes preinstalled on any PC that comes with Windows. You could try to enroll your own secure boot keys, but some firmware doesn't allow that and your PC ends up soft-bricked.
      As a "compromise" that gives Microsoft an unfair advantage, there's a second key (private half possessed by Microsoft) enrolled for non-Windows bootloaders like Shim and PreLoader. Microsoft signs them with that key, and you can get the benefits of secure boot for Linux. Problem is, for secure boot, UEFI has a forbidden signatures database that Microsoft likes to update from time to time. A vulnerability found in Shim? That version of Shim gets blacklisted thanks to a Windows update. This is particularly a pain when dual-booting with Linux, though not hard to solve.

  • @mrtransistor6173
    @mrtransistor6173 12 days ago +39

    I remember trying to install linux on tablet PCs using the newer intel atom CPUs (cherrytrail & baytrail). UEFI made this process a nightmare. Computing generally sucks more than it ever has.

    • @djnikx1
      @djnikx1 11 days ago +1

      Was it Asus ROG Flow Z13?

    • @mrtransistor6173
      @mrtransistor6173 11 days ago

      @@djnikx1 Linx and Toshiba Encore tablets.

    • @DigitalHandle
      @DigitalHandle 3 days ago

      I mean..
      At least it wasn't like back in the 80's, or even the 70's..

    • @mrtransistor6173
      @mrtransistor6173 3 days ago

      @ Not exactly sure what you mean by this.

  • @markjakker
    @markjakker 11 days ago +60

    So basically, UEFI has a critical and permanent backdoor in the "protocol" that we replaced BIOS with. Fantastic. I don't think anyone saw this coming /s

    • @JohnDoe-ip3oq
      @JohnDoe-ip3oq 11 days ago +12

      Matter of time when the whole thing is an unencrypted fat32 partition, and NOBODY felt it was necessary to question it.

    • @kenshn22828
      @kenshn22828 10 days ago +5

      From my understanding this is fixed by releasing a new certificate for a version of reloader.efi with the secure load image function and updating the db and dbx files. The end of the video makes it seem like this has already been done.

    • @markjakker
      @markjakker 10 days ago

      @@kenshn22828 no. this exploit method BYPASSES UEFI auth and crypto checks by not running those two or one of those essential functions, according to the video. aka, there is no fix due to the bypass capability via said backdoor

    • @arthurmoore9488
      @arthurmoore9488 9 days ago

      Tell me you don't understand UEFI without saying it...
      Bootloader attacks existed before UEFI. This is bypassing a UEFI security check. One that doesn't even exist on BIOS!

    • @lambchomp1472
      @lambchomp1472 8 days ago +2

      No, it's an expired certificate, hardly a "backdoor" in the protocol. Update DBX and you'll be okay. The link about the exploit also said it required write access to the EFI partition and so on...

  • @camberwellcarrot420
    @camberwellcarrot420 1 day ago +3

    I liken UEFI and secure boot to modern cars, whose needless complexity and factory spyware make older vehicles more desirable for people who just want to drive hassle free.

  • @hydra3468
    @hydra3468 12 days ago +116

    My man, how come you're not uploading on Odysee anymore?

    • @sebastianx708pl
      @sebastianx708pl 12 days ago +92

      probably sync from yt to odysee doesn't work anymore and must be uploaded manually, quote from odysee post:
      "TH-cam has recently implemented additional anti-competitive measures that limit our ability to automatically sync videos from TH-cam to Odysee for creators who have opted into this service."

    • @hydra3468
      @hydra3468 12 days ago

      @sebastianx708pl Ah I see, thanks for the info!

    • @waynekc01
      @waynekc01 12 days ago

      That's so fckn gai

    • @nahidahmed9153
      @nahidahmed9153 12 days ago +18

      @sebastianx708pl so why can't he manually upload? is that too difficult? he blames a lot of big corpos but he himself is so lazy to do anything

    • @tech-bore8839
      @tech-bore8839 12 days ago

      @@nahidahmed9153 Yes, he can upload manually. No, it's not difficult. In fact, it's super simple.
      I've already commented on how many big creators (Brody Robertson, Distrotube, Techlore, etc.) have become lazy when it comes to Odysee itself. Sad to see Mental Outlaw has fallen into the same crowd, but at least it shows where his priorities are (i.e. TH-cam Money > alternate platforms).
      Many creators whined about Odysee not being as competitive as TH-cam, and hardly (if ever) advertised it to their viewers. Yet those same creators certainly had no issues about mirroring their own videos on Odysee because of the syncing feature.

  • @Emancipatriot
    @Emancipatriot 12 days ago +17

    Man this is some pretty brilliant malware. These guys have so much potential they could go legit and be wealthy

  • @reyalPRON
    @reyalPRON 7 days ago +3

    You get a thumbs up for the Pentium-MMX rig. ;) wish I kept some of mine

  • @rekire___
    @rekire___ 12 days ago +50

    BIOS bros, why do we just keep winning?

  • @ENNEN420
    @ENNEN420 11 days ago +32

    "But bro, why would you use BIOS legacy over UEFI in 2025? It's so old!"

    • @JPs-q1o
      @JPs-q1o 11 days ago +3

      GRUB2 for PC IPL 😁

    • @JohnDoe-ip3oq
      @JohnDoe-ip3oq 11 days ago +2

      If BIOS supported Rebar and modern Windows, I'd go back to using it.

    • @sayori3939
      @sayori3939 10 days ago +5

      it's not BIOS that doesn't support Windows, it's the other way around

  • @combatjeyj6234
    @combatjeyj6234 12 days ago +19

    Haven't watched but the title goes hard

    • @zzrgio
      @zzrgio 12 days ago

      same

  • @xgui4-studios
    @xgui4-studios 12 days ago +6

    this is really scary, not gonna lie, especially when you are on a laptop where the OEM still hasn't updated your laptop firmware to patch the vulnerability .... and this is even worse when no alternative UEFI/firmware is available

  • @crackthefoundation_
    @crackthefoundation_ 12 days ago +13

    I have always hated UEFI because years ago it would screw up my dual boot.

    • @project_speedy_addiction
      @project_speedy_addiction 11 days ago +3

      You can try using coreboot with compatible hardware if that problem arises again, grub2 payload is nice with that.

    • @crackthefoundation_
      @crackthefoundation_ 11 days ago

      @MikePainstill Cheers, thanks!

    • @project_speedy_addiction
      @project_speedy_addiction 11 days ago +2

      @@crackthefoundation_
      Please make sure that Coreboot is actually compatible with the system, if it isn’t and you replace UEFI with it then you are screwed.

  • @PrideSage99
    @PrideSage99 11 days ago +18

    Oh wow, but I thought Windows 11 with its arbitrary TPM and secure boot requirements was supposed to protect me from teh compooter wiruses.
    Doesn't Microsoft care about me? (sarcasm)

  • @SeattleSpursFan1882
    @SeattleSpursFan1882 9 days ago +7

    @1:07 lol @ "Normally, the way a system boots" while showing a system booting into Win95 which most definitely didn't use UEFI to do so.

  • @Ash_G
    @Ash_G 7 days ago +3

    Remember the simpler days of BIOS, dual-boot and non-Bitlocker SSD?
    Wait till you find out that WD My Book encrypts its drives even if you don't set an encryption. Now, why would a manufacturer do that?

  • @xypha85
    @xypha85 11 days ago +4

    my experience with secure boot: it's not to protect users, it's to let Windows control users under the guise of protection. secure boot has done more to restrict how I want to use my PC than it has ever done anything to protect

  • @robkam643400
    @robkam643400 12 days ago +7

    This seemed totally obvious to me when 'Secure Boot' was announced.

  • @willkendallpro
    @willkendallpro 11 days ago +10

    I would just like to point out that it has never been acceptable (in professional IT) to make a certificate valid for longer than a year. This is why. Thanks, Microsoft!

    • @sirseven3
      @sirseven3 10 days ago +1

      Now if only they can update their compatibility drivers....

  • @13thravenpurple94
    @13thravenpurple94 11 days ago

    What an awesome video! Thanks for putting this together! 👍

  • @JouvaMoufette
    @JouvaMoufette 6 days ago +1

    This sounds so similar to how CrowdStrike broke. Signed software that can load unsigned software or data that in turn is broken.

  • @tenminutetokyo2643
    @tenminutetokyo2643 10 days ago +2

    Oh outsourcing has been so good for us.

  • @JohnDoe-ip3oq
    @JohnDoe-ip3oq 11 days ago +25

    UEFI installs itself on an unencrypted fat32 partition. Such wonderful security, and nobody questioned it. Now they're going to change it and make everyone buy new hardware to get access to the fix.

    • @khalilbrsc
      @khalilbrsc 7 days ago +4

      No, every statement in your comment is false. UEFI lives in the firmware (EFI binaries live in the FAT32 partition). No one is changing FAT32 to be encrypted any time soon, and even if they did you can't execute code you can't read (in its decrypted form). You can encrypt the partition, sure (if you also write your own UEFI firmware to decrypt and read that), but this doesn't change the fact that what is actually being "defeated" here is the vulnerable EFI binaries presented. Those binaries have a valid and trusted signature and thus have permission to execute. The signatures for those vulnerable EFI apps should be blacklisted (included in dbx), and then the problem is solved.
      Using your own keys is also an option on some machines, that way you don't have to trust (sign) anything but the files you want to run (ie, your kernel, initramfs, etc).
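
The forbidden-signatures database (dbx) that the two replies above describe (@5555Jacker's note on Shim versions being blacklisted and @khalilbrsc's point that revoking the vulnerable EFI binaries in dbx is the actual fix) is a UEFI variable holding a sequence of EFI_SIGNATURE_LIST structures; a revoked image is refused at load time when its hash or signing certificate matches an entry. The Python below is an editor's example added here, not code from the video, the thread or any vendor's tooling. It parses such a blob and answers "is this image hash revoked?". The dbx bytes, owner GUID and hashes in it are constructed for illustration. On a real system the bytes come from the `.Bytes` property of `Get-SecureBootUEFI -Name dbx` on Windows, or from the `dbx-*` file under `/sys/firmware/efi/efivars/` on Linux after dropping its 4-byte attribute prefix; and a dbx SHA-256 entry is the Authenticode (PE image) hash of the binary, not the SHA-256 of the file's raw bytes, so the code takes the hash as an input rather than computing it.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification (real values).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
SIGLIST_HEADER_LEN = 28  # 16-byte SignatureType GUID + three UINT32 size fields


def parse_signature_lists(blob: bytes):
    """Walk the EFI_SIGNATURE_LIST structures that make up a db or dbx variable.

    Returns a list of (signature_type, owner_guid, signature_data) tuples.
    Raises ValueError on a malformed list so that a corrupt or truncated blob is
    never silently read as "nothing revoked".
    """
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HEADER_LEN:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        sigs_start = off + SIGLIST_HEADER_LEN + hdr_size
        sigs_end = off + list_size
        if list_size < SIGLIST_HEADER_LEN or sigs_end > len(blob) or sigs_start > sigs_end:
            raise ValueError(f"bad SignatureListSize/SignatureHeaderSize at offset {off}")
        if sig_size < 16 or (sigs_end - sigs_start) % sig_size != 0:
            raise ValueError(f"bad SignatureSize at offset {off}")
        pos = sigs_start
        while pos < sigs_end:
            # Each EFI_SIGNATURE_DATA is a 16-byte SignatureOwner GUID followed by the data.
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, blob[pos + 16:pos + sig_size]))
            pos += sig_size
        off += list_size
    return entries


def is_revoked(dbx_blob: bytes, image_hash: bytes) -> bool:
    """True if the 32-byte Authenticode hash appears as an EFI_CERT_SHA256 entry in dbx."""
    return any(sig_type == EFI_CERT_SHA256_GUID and data == image_hash
               for sig_type, _owner, data in parse_signature_lists(dbx_blob))


def blob_is_well_formed(blob: bytes) -> bool:
    """Cheap sanity check before trusting a dbx dump: does it parse end to end?"""
    try:
        parse_signature_lists(blob)
        return True
    except ValueError:
        return False


def build_sha256_list(owner: uuid.UUID, hashes) -> bytes:
    """Serialise one EFI_CERT_SHA256 signature list (used here only to build sample data)."""
    sig_size = 16 + 32
    body = b"".join(owner.bytes_le + h for h in hashes)
    return (EFI_CERT_SHA256_GUID.bytes_le
            + struct.pack("<III", SIGLIST_HEADER_LEN + len(body), 0, sig_size)
            + body)


# Constructed sample data: a placeholder owner GUID and made-up image hashes.
SAMPLE_OWNER = uuid.UUID("00000000-0000-4000-8000-000000000001")
SAMPLE_REVOKED_HASH_A = hashlib.sha256(b"constructed: vulnerable loader image A").digest()
SAMPLE_REVOKED_HASH_B = hashlib.sha256(b"constructed: vulnerable loader image B").digest()
SAMPLE_OTHER_HASH = hashlib.sha256(b"constructed: an image that is not revoked").digest()
# Two signature lists back to back, as a real dbx usually is after several updates.
SAMPLE_DBX = (build_sha256_list(SAMPLE_OWNER, [SAMPLE_REVOKED_HASH_A])
              + build_sha256_list(SAMPLE_OWNER, [SAMPLE_REVOKED_HASH_B]))


if __name__ == "__main__":
    for sig_type, owner, data in parse_signature_lists(SAMPLE_DBX):
        kind = ("sha256" if sig_type == EFI_CERT_SHA256_GUID
                else "x509" if sig_type == EFI_CERT_X509_GUID else str(sig_type))
        print(kind, owner, data.hex()[:16] + "...")
    print("image A revoked:", is_revoked(SAMPLE_DBX, SAMPLE_REVOKED_HASH_A))
    print("other image revoked:", is_revoked(SAMPLE_DBX, SAMPLE_OTHER_HASH))
```

The same parser works on db, KEK and PK, since all four variables share the EFI_SIGNATURE_LIST layout; for db you would look at the EFI_CERT_X509 entries to see which certificates (for instance the Microsoft UEFI CA entry the video's check looks for) are trusted on the machine.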

    • @JohnDoe-ip3oq
      @JohnDoe-ip3oq 7 days ago

      @khalilbrsc lol "everything is false", proceeds to admit the fat32 partition exists, and explain how it works. Fat32 has ZERO security permissions unlike NTFS, that's full unrestricted write access. Fat32 also has ZERO data integrity, make a USB drive with fat32, unplug it while in use, whole thing is corrupted. Why do we even need EFI? It shouldn't exist. I get there's security behind it, but the implementation is flawed. Not only that, but this is behaving like a state sponsored backdoor, as governments would have full unfettered "official" backdoor access with this technology, and all backdoors have the potential to be leaked or reverse engineered. Linux has access to secure boot. There's nothing stopping a hacker from installing a Linux rootkit, and some virtual machine technology to boot into Windows. I just don't think it should exist at all, REGARDLESS of security, because the tech itself is too vulnerable to exploit. There should be zero possibility of remote code execution, NOT limited possibility. Anything exploitable will be exploited. There's also the issue that this technology itself is a rootkit from official vendors. It's running vendor code from China under ring 0 with Internet access. Asus has been reported to force users into installing Armory crate via their UEFI. Oh, but this is ok, because it's "official". What? IDC what vendor it is, not even Intel or AMD should have this capability. Zero rootkit or exploits should be in a BIOS. No remote code or OS under the OS. Similar issue with flash drives, as they have their own operating system and CPU running the flash chips. Just install a backdoor into the SSD firmware, can't detect it. Yet another exploit deliberately not called out, and this exploit has been used by state actors for a while. Intercept hardware delivery, replace with exploited hardware. Obviously not widespread, but there's nothing stopping it from being widespread either. Stuxnet went rogue and got discovered by Kaspersky. Whoops. The possibility shouldn't exist. China doesn't need nukes to win a war, they make all PC hardware, just remote disable everyone's computer systems, infiltrate a bank to steal a fractional penny from every transaction. Whatever. The backdoor should not exist.

  • @stage6fan475
    @stage6fan475 12 days ago +4

    Algorithm. Thanks for informing us about these increasingly worrying issues. UEFI malware is particularly scary!

  • @mrchillgreen
    @mrchillgreen 10 days ago +7

    @Mental Outlaw
    kinda miss the section in where you tell us how to UPDATE against this vulnerability, is it a simple bios update?

    • @Ordlnary_Gamer
      @Ordlnary_Gamer 4 days ago

      We really can’t.

    • @Jzwiz
      @Jzwiz 1 day ago

      Normal windows update

  • @sn5806
    @sn5806 12 days ago +7

    Honey wake up! New UEFI vuln just dropped.

  • @nobody_fear
    @nobody_fear 12 days ago +30

    anyone else watch at 4x speed? good video. i need another coffee.

    • @samiraperi467
      @samiraperi467 12 days ago +5

      4x? You're not using the browser interface then. :D

    • @nikunjkhangwal
      @nikunjkhangwal 12 days ago +5

      3x is my limit. I usually watch at 2.5x

    • @prezentoappr1171
      @prezentoappr1171 11 days ago

      7.9x in re van ced

  • @taragwendolyn
    @taragwendolyn 12 days ago +6

    I knew there was a reason I didn't install the Microsoft keys when I set up secureboot on my laptop... ;)

  • @likemy
    @likemy 12 days ago +5

    Insecure Object Reference. One of the OWASP's top 10. That's a big mistake in a crucial place.

  • @ozoak
    @ozoak 7 days ago +1

    UEFI was always a problem waiting to happen, and modification should always have been something restricted by a hardware switch. Defaulted to an 'off' position, home users would never flip it, and managed services providers could control the environment and deploy hardware with it on.

  • @VenomKen
    @VenomKen 12 days ago +29

    How about we just all come to the understanding that if it has been secured by human intelligence it can be broken by human intelligence. There's a reason for this...human incompetence is way more powerful than human intelligence.

    • @vidal9747
      @vidal9747 12 days ago +2

      It is still worth it to keep hardening systems. The less script kiddie friendly, the better.

    • @blazebox71
      @blazebox71 12 days ago +6

      The real issue is that there are more people looking for vulnerabilities than there are people actively trying to secure them. There are untold millions of threat actors all looking for the next exploit. Any software manufacturer is always going to be behind the 8 ball

    • @ohwhen7775
      @ohwhen7775 11 days ago

      And people might be surprised to find out who some of the actors performing such threats behind closed doors actually are. If I told you all, some of the random individuals I know are involved, I wonder how many of you would actually believe me. 🙊

    • @JPs-q1o
      @JPs-q1o 11 days ago

      Microsoft is a DEl shop. The systems were "secured" by subhuman intelligence.

  • @project_speedy_addiction
    @project_speedy_addiction 11 days ago +5

    Coreboot never stops being better!

  • @kevalan1042
    @kevalan1042 11 days ago +4

    What's the point of having signature lists if the payload is unsigned and arbitrary?

  • @xYamakaze
    @xYamakaze 11 days ago +3

    Hey, the command provided in the article returned a False for me. How do I manually go about applying the latest UEFI revocations? The article says "Windows systems should be updated automatically." but when checking for Windows updates, there are none to be applied. I'm on Windows 10, and I even updated my system yesterday with KB5049981 and KB5050188. What gives?

  • @CashFlowCraze
    @CashFlowCraze 12 days ago +11

    me using legacy bios🗿

  • @theFlyingSwami
    @theFlyingSwami 11 days ago

    Those term commands at the end; Thank you!

  • @nonenothingnull
    @nonenothingnull 6 days ago

    It almost feels like having shoddy bios is consequential

  • @RosieSapphireMusic
    @RosieSapphireMusic 11 days ago +1

    So, what do I do if the PowerShell command returns False?

    • @sirseven3
      @sirseven3 10 days ago

      reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x80 /f
      Restart-Computer

  • @Shocker99
    @Shocker99 10 days ago +2

    My 'system is affected by the CVE-2024-7344' and I'm 'protected (the vulnerable driver is revoked on your system)'.
    So I guess I have no worries here

  • @YetAnotherNotHacking
    @YetAnotherNotHacking 11 days ago +6

    Bro covers this malware and then ends it with "Run this in your powershell to check if you are vulnerable" I wonder what that looks like to someone that does not understand the command XD

  • @yoppindia
    @yoppindia 9 days ago +1

    When the NSA writes the UEFI worm, you won't know that it even exists.

    • @RolandAdams-h4m
      @RolandAdams-h4m 9 days ago

      make it past tense 🙂

    • @yoppindia
      @yoppindia 9 days ago +1

      @RolandAdams-h4m Trump is not going to abolish the NSA, he will just rename it.

    • @RolandAdams-h4m
      @RolandAdams-h4m 9 days ago

      @ Past tense in a sense that they already did it.

    • @yoppindia
      @yoppindia 9 days ago

      @RolandAdams-h4m Hmm, I wonder if I am infected.

    • @RolandAdams-h4m
      @RolandAdams-h4m 9 days ago +1

      @ we may never know 🙂

  • @Shocker99
    @Shocker99 10 days ago +2

    What should someone do if they have the vulnerability and it's not patched?

  • @XxZigonxX
    @XxZigonxX 11 days ago +5

    mr hacker man, how do i copy and paste that from your video @8:00

    • @rejvaik00
      @rejvaik00 11 days ago

      Just type it out from the video. I did and it worked; remember to open PowerShell as administrator.
      Sadly though, it returned false, so I don't know what to do now.

  • @ikity99
    @ikity99 12 days ago

    On guard for software security as always. Thanks for the news.

  • @JohnCiaccio
    @JohnCiaccio 7 days ago +1

    Another example of unnecessary security "advancements" that do more harm than good. We have a bunch of new ewaste because of things supposedly built for security being utter unfixable garbage. HP and Dell make some of the worst systems in the last 5 years..

  • @RockyAllenLane
    @RockyAllenLane 8 days ago +1

    Please put string to check if infected above so people can copy it!!!

  • @sergrojGrayFace
    @sergrojGrayFace 10 days ago +1

    On Windows with default settings root access is very easy, as UACME demonstrates.

  • @c5on
    @c5on 8 days ago

    So nice, the last Linux UEFI dbx update was 2023.06. Thanks, Linux Foundation.

  • @aliveandwellinisrael2507
    @aliveandwellinisrael2507 12 days ago +6

    So you need root? Wow, they'll have to bring a whole extra USB drive with them and run their favorite Linux live installer.

  • @ruperterskin2117
    @ruperterskin2117 4 days ago

    Appreciate ya. Thanks for sharing.

  • @逈
    @逈 12 days ago

    Love how you upload frequently

  • @tihsitef8183
    @tihsitef8183 11 days ago +1

    I had a dream I woke up one day and every computer on the planet was infected with BIOS/UEFI malware making them inoperable, simply showing an 8-bit horse galloping across the screen.
    I live in fear of that day, not because it might, but because it will.

  • @stackflow343
    @stackflow343 9 days ago +1

    Tried the PowerShell code, just undefined variable errors.

  • @solvated_photon
    @solvated_photon 10 days ago

    I have two laptops that were compromised maybe 5-6 years ago that simultaneously lost the ability to boot off of USB or optical.

  • @BobWidlefish
    @BobWidlefish 10 days ago +1

    Sounds like a Vault7 backdoor.

  • @xXBlackAngelDoomXx
    @xXBlackAngelDoomXx 8 days ago

    This is, from a certain point of view, similar to the CrowdStrike Falcon security software issue. I remember in that case they bypassed Microsoft review/signing with a custom .dat file that actually contained an executable, in order to be able to release before new versions of the software.

  • @adsan7787
    @adsan7787 12 days ago +2

    I love that I forgot to enroll Microsoft keys when setting up my Secure Boot.

  • @stunnerr
    @stunnerr 7 days ago

    When the so-called "secure" boot relies on someone that's not you, it's not secure anymore.

  • @ocsrc
    @ocsrc 8 days ago

    Trying to wipe the BIOS/UEFI and allow an OS to be installed and actually boot is a freaking nightmare.
    I went through hell with one laptop and I couldn't find out why it would not boot.
    It just sat there with a blinking cursor.
    I finally was able to flash the BIOS and put a generic BIOS on the machine, and it went fine after that, but it took days to get it to work.

  • @prabhatkumar5613
    @prabhatkumar5613 12 days ago +2

    I have Windows; if the last command's output is false, am I cooked? Or is there a solution?

  • @GuretoSefirosu
    @GuretoSefirosu 8 days ago +2

    What if you're running Linux? How about Linux with a signed kernel (ie: no MS crap on the system)?

  • @茂佐藤-s6e
    @茂佐藤-s6e 11 days ago

    Since the MNT Next Reform (an ARM-based open hardware laptop) is on its way to release next year, I'm not really worried about this.

  • @dieselphiend
    @dieselphiend 12 days ago +2

    Last time I got hit by a virus a bit like this was in 1999, with the "Chernobyl" virus.

  • @Verrisin
    @Verrisin 4 days ago

    Secure Boot was always ridiculous, and a clear step towards trying to make sure you do not own your PC.

  • @ocsrc
    @ocsrc 8 days ago

    WOW there are a lot of full 30 second ads before the video plays

  • @pauloseixas5452
    @pauloseixas5452 12 days ago +9

    Whenever I get an issue I just scream MICROSOFT and download the latest updates; if there are none, I sleep in hopes that when I wake up everything will be fine and dandy.

  • @davidfrischknecht8261
    @davidfrischknecht8261 12 days ago +17

    The first thing I did with my laptop when I got it was boot into the UEFI firmware settings and disable Secure Boot.

    • @xgui4-studios
      @xgui4-studios 12 days ago +16

      That doesn't fix the issue, it only opens more doors...

    • @davidfrischknecht8261
      @davidfrischknecht8261 11 days ago +19

      @xgui4-studios It makes installing Linux easier.

    • @seansingh4421
      @seansingh4421 11 days ago +5

      @davidfrischknecht8261 The majority of distros are already Secure Boot compatible. Your argument only holds true if one plans to install Nvidia's Linux drivers.

    • @KwadwoAdjeiDuah
      @KwadwoAdjeiDuah 11 days ago +1

      Yeah sucks to be me

    • @dsvechnikov
      @dsvechnikov 11 days ago +4

      So... How exactly does this help you to avoid malware capable of bypassing secure boot?

  • @qurqo
    @qurqo 9 days ago +1

    So is it better to run the legacy mode boot manager without UEFI?

  • @rockarollawmn
    @rockarollawmn 9 days ago +2

    I wish the compugeniuses would do a version of these big-brain vids for us 5-year-olds.
    Lay out NONE of the parts that are not just explaining the issue and the solution, please, to us like we're 5, because we deserve security on our computers as much as the compusavvy.

  • @ashishpatel350
    @ashishpatel350 11 days ago +1

    Wonder what they will come up with next.

  • @im1random263
    @im1random263 10 days ago

    That's why I dumped the contents of my motherboard's SPI flash right after buying it with a cheap CH341A-based programmer. This not only gives you the ability to reprogram the chip after a failed BIOS update, but apparently can also protect you against BIOS-level malware.

  • @CrescentUmbreon
    @CrescentUmbreon 9 days ago

    So, again, for the uninitiated, how do you go and get the updated dbx signatures if they return false?

  • @adriansuhr
    @adriansuhr 9 days ago +1

    Computer security: Trust me bro

  • @niewazneniewazne1890
    @niewazneniewazne1890 11 days ago +1

    To add insult to injury,
    I find that Microsoft/Windows 11 doesn't update DBX and you have to do it through fwupd on Linux.
    My Lenovo ThinkPuter T14 BIOS displays 423 banned signatures.
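
    The "banned signatures" count above comes from the dbx variable, which is a chain of EFI_SIGNATURE_LIST structures, each holding fixed-size EFI_SIGNATURE_DATA entries (a SHA-256 of a PE image, or a whole X.509 certificate). The Python below is an added example, not code from the video, from Microsoft, from fwupd or from any commenter: it parses such a blob, counts entries per type and answers "is this hash revoked?". The sample blob, both hashes and the placeholder certificate bytes are constructed inline; the signature-type GUIDs are the ones from the UEFI specification, and the SignatureOwner GUID is the one I believe Microsoft tags its dbx entries with (any GUID would do for the constructed sample).

```python
"""Parse a UEFI signature database (db/dbx) blob: a chain of EFI_SIGNATURE_LIST
structures, each holding N fixed-size EFI_SIGNATURE_DATA entries."""
import hashlib
import struct
import uuid

# Signature type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# SignatureOwner GUID Microsoft uses for its dbx entries (assumed; only labels the sample).
MICROSOFT_OWNER_GUID = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
SIG_LIST_HDR = struct.Struct("<16sIII")


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner, data) for every entry in the chain.
    Inconsistent headers raise instead of being skipped silently."""
    off = 0
    while off < len(blob):
        if len(blob) - off < SIG_LIST_HDR.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        type_raw, list_size, hdr_size, sig_size = SIG_LIST_HDR.unpack_from(blob, off)
        sig_type = uuid.UUID(bytes_le=type_raw)
        if list_size < SIG_LIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size < 16:                       # every entry starts with a 16-byte owner GUID
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        body = blob[off + SIG_LIST_HDR.size + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError(f"signature area is not a multiple of SignatureSize at offset {off}")
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            yield sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]
        off += list_size


def summarize(blob: bytes) -> dict:
    """Entries per type, e.g. {'sha256': 2, 'x509': 1}; unknown types keyed by GUID."""
    names = {EFI_CERT_SHA256_GUID: "sha256", EFI_CERT_X509_GUID: "x509"}
    counts = {}
    for sig_type, _owner, _data in parse_signature_lists(blob):
        key = names.get(sig_type, str(sig_type))
        counts[key] = counts.get(key, 0) + 1
    return counts


def revoked_sha256(blob: bytes) -> set:
    """All SHA-256 entries as lowercase hex. These are Authenticode hashes of PE
    images, not plain file hashes."""
    return {data.hex() for sig_type, _owner, data in parse_signature_lists(blob)
            if sig_type == EFI_CERT_SHA256_GUID and len(data) == 32}


def is_revoked(blob: bytes, authenticode_sha256_hex: str) -> bool:
    return authenticode_sha256_hex.lower() in revoked_sha256(blob)


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, datas) -> bytes:
    """Serialize one EFI_SIGNATURE_LIST; all entries in one list share a size."""
    sig_size = 16 + len(datas[0])
    if any(len(d) != sig_size - 16 for d in datas):
        raise ValueError("entries in one list must be the same size")
    body = b"".join(owner.bytes_le + d for d in datas)
    return SIG_LIST_HDR.pack(sig_type.bytes_le, SIG_LIST_HDR.size + len(body), 0, sig_size) + body


# Constructed sample: two fake revoked image hashes plus a placeholder (not DER) certificate.
FAKE_HASH_1 = hashlib.sha256(b"constructed: some bootloader.efi").hexdigest()
FAKE_HASH_2 = hashlib.sha256(b"constructed: another bootloader.efi").hexdigest()
SAMPLE_DBX = (
    build_signature_list(EFI_CERT_SHA256_GUID, MICROSOFT_OWNER_GUID,
                         [bytes.fromhex(FAKE_HASH_1), bytes.fromhex(FAKE_HASH_2)])
    + build_signature_list(EFI_CERT_X509_GUID, MICROSOFT_OWNER_GUID, [b"\x30\x82" + b"\x00" * 40])
)

if __name__ == "__main__":
    print(summarize(SAMPLE_DBX))                # {'sha256': 2, 'x509': 1}
    print(is_revoked(SAMPLE_DBX, FAKE_HASH_1))  # True
```

    To run it on a real machine, dump the variable first: on Windows `(Get-SecureBootUEFI -Name dbx).Bytes` written to a file from an elevated PowerShell; on Linux the file `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f`, with its leading 4-byte attribute word stripped. Two caveats for anyone wiring this into a "am I protected?" check: the SHA-256 entries are Authenticode hashes of the PE image (the file hashed with its checksum and signature directory excluded), so `sha256sum some.efi` will never match an entry; and a binary whose hash is absent from dbx is still blocked if the certificate it was signed with sits in dbx as an x509 entry, which is why the two types are counted separately.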

  • @Riva1000
    @Riva1000 9 days ago +1

    Since when was a system reset a way to solve a malware infection?
    AFAIK the vast majority of malware has always persisted between system (OS) restarts.
    I have heard several times in this video that this is why this malware is more dangerous. It makes no sense.
    Didn't the author mean that the infection persists across OS *reinstalls*?
    That would make more sense to me.

  • @dashyot
    @dashyot 12 days ago +7

    conputers

  • @schmudej85
    @schmudej85 12 days ago +1

    Remind me again what was wrong with BIOS which had to be flashed and why we needed an "updated" firmware with the ability to be modded in place?

    • @mattsgamingstuff5867
      @mattsgamingstuff5867 11 days ago +6

      This exploit would be even easier in legacy BIOS. If you have root you can write the first 512 bytes of the drive (that's all it does: load the first thing in the boot priority list whose first 512 bytes end in the correct two-byte bootable signature and hand over execution). Boom, boot loader replaced. This isn't a UEFI problem, it's a people-signing-bad-code problem. You can change your Secure Boot keys if you wish to whitelist only the software you want to boot your computer. A traditional BIOS would have no way to prohibit root software from running an undesired bootloader.
      This type of malware was pretty common in the DOS and Win9x days.
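
    To make the reply above concrete: a legacy BIOS's whole test is "do bytes 510 and 511 of the first sector read 0x55 0xAA?", so replacing the 440 bytes of boot code with anything at all still passes. The Python below is an added example, mine rather than the commenter's; the two MBRs it handles are constructed inline with fake boot code and a single made-up partition. It parses a sector the way a BIOS and a partition tool would, and shows that the only thing separating a clean MBR from one whose boot code was overwritten is a comparison against a hash recorded while the machine was known-good, which is the job Secure Boot's db/dbx and TPM measurements take over on UEFI systems.

```python
"""Parse a 512-byte MBR the way a legacy BIOS does, and compare its boot code
against a recorded baseline. Sample sectors are constructed inline."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: whatever code the BIOS will jump to
DISK_SIG_OFFSET = 440        # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
BOOT_SIG_OFFSET = 510
BOOT_SIG = b"\x55\xaa"       # the only thing a legacy BIOS checks before jumping to the code
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector: bytes) -> dict:
    """Return the fields a BIOS and a partition tool care about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = PART_ENTRY.unpack_from(sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:                      # type 0 means the slot is unused
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "bios_bootable": sector[BOOT_SIG_OFFSET:] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 over the boot-code region only, so partition-table edits don't raise alerts."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def boot_code_changed(sector: bytes, baseline_hex: str) -> bool:
    return boot_code_hash(sector) != baseline_hex.lower()


def build_mbr(boot_code: bytes, disk_signature: int, partitions) -> bytes:
    """Assemble a sector from parts; partitions are (status, type, lba_start, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(PART_ENTRY.pack(status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
                     for status, ptype, lba, count in partitions).ljust(64, b"\x00")
    return code + struct.pack("<I", disk_signature) + b"\x00\x00" + table + BOOT_SIG


# Constructed samples (not real boot code): a clean MBR and one where only the boot code differs.
CLEAN_BOOT_CODE = b"\xfa\x31\xc0\x8e\xd8" + b"constructed-bootloader-stub"
BOOTKIT_BOOT_CODE = b"\xfa\x31\xc0\x8e\xd8" + b"constructed-bootkit-stub"
PARTITIONS = [(0x80, 0x83, 2048, 1_000_000)]   # one active Linux partition, constructed
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0xDEADBEEF, PARTITIONS)
BASELINE = boot_code_hash(CLEAN_MBR)           # record this while the system is known-good
BOOTKIT_MBR = build_mbr(BOOTKIT_BOOT_CODE, 0xDEADBEEF, PARTITIONS)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("bootkit", BOOTKIT_MBR)):
        info = parse_mbr(mbr)
        print(name, "bootable:", info["bios_bootable"], "changed:", boot_code_changed(mbr, BASELINE))
```

    On a real disk the sector comes from `dd if=/dev/sda bs=512 count=1` (root needed) or, on Windows, a 512-byte read from `\\.\PhysicalDrive0`. Both MBRs parse as bootable with identical partition tables; only the baseline comparison tells them apart. The obvious limitation is the same one the reply makes: an attacker who can rewrite sector 0 has root, so the baseline has to live somewhere that root on this box cannot edit (a management host, or a TPM-sealed value), or the check is theatre.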

  • @BartholomewBadrotten
    @BartholomewBadrotten 12 days ago +5

    When do we get that PinePhone review you promised back when?

    • @damianchang6439
      @damianchang6439 12 days ago +3

      From Mental Outlaw 3 years back th-cam.com/video/WA0rxLniBbc/w-d-xo.htmlsi=baZFK1vOMAUjgEUy

  • @terriblegamer6975
    @terriblegamer6975 8 days ago +1

    Does that command return false if Secure Boot isn't on?

  • @osmosis_8692
    @osmosis_8692 8 days ago +1

    So why do we have secure boot, again?

  • @muaries12
    @muaries12 11 days ago +1

    Secure Boot is such a pain in the neck and doesn't offer much security. I always have it off on my devices. I find it best to have an up-to-date OS, a good paid AV (I use ESET Premium) and common sense.

  • @JPs-q1o
    @JPs-q1o 11 days ago +1

    There's better ways to ensure file copy has completed before continuing script execution.
    Jus' sayin'

  • @trjberg
    @trjberg 6 days ago

    I wonder if it's possible to update the firmware without starting the computer so to speak. Like access the firmware chip directly?

  • @niijipilot
    @niijipilot 9 days ago

    Oh this is old school hacker stuff

  • @S0ci0stan
    @S0ci0stan 11 days ago +12

    Windows is just going to get worse and worse until I have to switch to Linux, isn't it?

    • @Sam-m1y6d
      @Sam-m1y6d 10 days ago

      Yup

    • @sayori3939
      @sayori3939 10 days ago +4

      and the Linux community is just gonna get more and more toxic until you're forced to believe in some shit and you end up using a MacBook (I hate Apple)