Friday, 27 April 2007

Vista Security Bypassed

SecurityFocus has published an interview with two Indian graduates who claim to have developed a new way of attacking Windows Vista.

Essentially, they have found a way to introduce potentially harmful program code to a Vista PC, bypassing all of the available protection and tunnelling into the kernel. This gives the program virtually complete control of the system.

The code needs to be loaded as the system boots from a CD, flash drive or other media. Removing this media and rebooting the system also removes the program. The researchers claim that the so-called bootkit leaves no trace because it does not place any files on the hard disk.

Hacking a PC with a flash drive

Windows Vista is supposed to be the most secure version of Windows available to the general public. That's probably true, but don't think that means it is impenetrable. A few loopholes have been found in this operating system's protection already, and it has only been available for four months.

That said, the bootkit attack relies on the attacker having physical access to the target PC. This starts to become a physical security issue rather than an operating system one. A long time ago Microsoft published an article called 10 Immutable Laws of Security, which discusses security problems that affect all computers, not just Windows ones. The one to note in this case is:

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

Having physical access means he could damage or penetrate your computer in a number of ways, ranging from a low-tech denial of service attack ("smash your computer with a sledgehammer") to stealing a copy of your password files for decryption at his leisure.

The new bootkit technique could be used to attack a PC very quickly, because you could just wander past a PC, plug in a flash drive and press the computer's reset button to infect it. However, you'd probably want to whip the flash drive out again, fast, before innocently walking away from the PC. And should its user reboot for any reason, your efforts may have been in vain.