- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday.
Slideshow: Seven things to love, hate about Windows 7
Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference.
"There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack.
While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.
VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.
However, when the victim's computer is rebooted, VBootkit 2.0 will lose its hold over the computer as data contained in system memory will be lost.
VBootkit 2.0 is a follow-up to earlier work that Kumar and Kumar have done on vulnerabilities contained in the Windows boot process. In 2007, Kumar and Kumar demonstrated an earlier version of VBootkit for Windows Vista at the Black Hat Europe conference.
The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also able remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (24)
This person failsBy Mossad076 on April 23, 2009, 12:35 pmThis person really fails. The person needs physical access to the computer to do this attack. I don't care what OS/security systems you are using, let someone have...
Reply | Read entire comment
No, the above commenter fails.By Anon on April 23, 2009, 1:16 pmScenario: You use the built-in encryption to protect your files. (Or stored passwords for websites, etc.) Exploit result: Someone is able to change your password...
Reply | Read entire comment
No, the below commenter fails.By Anonymous on April 23, 2009, 1:39 pmFor saying above.
Reply | Read entire comment
::sigh:: no, the above commenter is rightBy Anon on April 23, 2009, 1:39 pmThe built-in encryption doesn't work the way you think it does. Removing a password does NOT remove encryption. Yea, they have access to files, but if they used...
Reply | Read entire comment
Built-in encryption, XDBy Anonymous on April 23, 2009, 3:02 pmHow many companies out there do you think have implemented enough security on their corporate computers to secure their files from an attack. This is a security...
Reply | Read entire comment
Not interestingBy MarcThibault on April 23, 2009, 7:25 pmThis "hack" is dumb and uninteresting. It requires physical access to the machine. Once you have physical access, you can do anything.
Reply | Read entire comment
View all comments