Techly NewsGet the app

Get the latest tech news

Secure Boot is broken on 200 models from 5 big device makers


Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.

ICLord was a rootkit, a class of malware that gains and maintains stealthy root access by subverting key protections built into the operating system. Built into UEFI—the Unified Extensible Firmware Interface that would become the successor to BIOS—Secure Boot used public-key cryptography to block the loading of any code that wasn’t signed with a pre-approved digital signature. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Models

Models

Photo of Secure Boot

Secure Boot

Photo of big device makers

big device makers

Related news:

News photo

Internal Change to iPhone 16 Models Expected to Reduce Overheating

News photo

Meta Won't Offer Future Multimodal AI Models In EU

News photo

On AI, new UK gov’t to work on ‘appropriate’ rules for ‘most powerful’ models and beef up product safety powers

« Windows 11 KB5040527 update fixes Windows Backup failures
OpenAI launches SearchGPT - here's what it can do and how to access it »