CISA Urges Enhanced Security Measures for UEFI Update Mechanisms
Introduction
The Cybersecurity and Infrastructure Security Agency (CISA) has called for an overhaul of security measures for Unified Extensible Firmware Interface (UEFI) update mechanisms. In a recent blog post, CISA emphasized the need for a secure-by-design approach to strengthen the overall security of UEFI, the firmware responsible for a system’s booting-up routine. The agency’s senior technical advisor, Jonathan Spring, highlighted the importance of secure software design and update pathways to neutralize threats to UEFI. The ongoing threat posed by the BlackLotus bootkit serves as a stark reminder of the risks associated with insecure update mechanisms.
The BlackLotus Debacle
BlackLotus, the first malware to bypass Microsoft’s UEFI Secure Boot implementation, emerged on the Dark Web in late 2021. Current protection against BlackLotus requires manual application of patches issued by Microsoft in early 2022 and mid-2023. However, the National Security Agency (NSA) cautioned that these patches are not sufficient to fully mitigate the problem. Microsoft failed to issue patches to revoke trust in unpatched boot loaders through the Secure Boot Deny List Database (DBX), enabling threat actors to replace fully patched boot loaders with legitimate but vulnerable versions, giving them the ability to execute BlackLotus. The exploitation of these vulnerabilities underscores the failure in secure update distribution, leaving UEFI update channels insufficiently resilient or secure.
The Need for Secure Public Key Infrastructure
Spring highlighted the potential for a more secure-by-design approach to UEFI using a public key infrastructure (PKI) and automated update system. In typical PKI management, one secret key signs multiple intermediate certificates, making them easy to revoke in the event of a problem. However, Windows PKI departs from this practice, with one key signing numerous files. Revoking this key to mitigate the BlackLotus issue would cause collateral damage in other parts of the operating system. Spring argues that appropriate PKI implementation would have facilitated the distribution of updates by default and the removal of keys for vulnerable files.
Enhancing UEFI Update Cybersecurity
CISA outlined specific measures that can be implemented to bolster UEFI update cybersecurity. These include:
Auditing and Updating UEFI Components
System owners should have the ability to audit, manage, and update UEFI components just like any other software. This requires the inclusion of software bills of materials, enabling comprehensive assessment and maintenance of UEFI security.
Monitoring UEFI-Related Activities
Operational teams should be able to collect, analyze, and respond to event logs that identify UEFI-related activities, such as changes, updates, and component additions/removals. UEFI-native watchdog and reporting capabilities should integrate with the operating system or endpoint detection and response tools to enable effective monitoring.
Secure Software Development
UEFI component developers should adhere to secure development environments and adopt software development best practices. This ensures that UEFI components undergo rigorous security testing and are resilient against attack vectors.
Reliable Update Capabilities
The UEFI vendor community must universally adopt uninterrupted and reliable update capabilities. This will ensure that UEFI component updates do not burden operational communities and end users, making security updates more seamless.
Engagement and Collaboration
The UEFI community, supported by the UEFI Security Response Team (USRT), should expand its engagement with relevant communities to foster the adoption of best practices for Product Security Incident Response Team (PSIRT) operations. Collaboration and knowledge sharing in the cybersecurity community will contribute to the development of more secure UEFI systems.
Conclusion
The call for enhanced security measures for UEFI update mechanisms by CISA comes as a response to the ongoing threat posed by the BlackLotus bootkit. The need for a secure-by-design approach, coupled with robust update pathways, cannot be overstated. The vulnerabilities exposed by BlackLotus highlight the risks associated with insecure update distribution channels. By implementing the measures outlined by CISA, the computer industry can work towards building more secure systems that mitigate the risk of persistent malware and ensure the security of user data. Stakeholders must prioritize secure software design, continually assess security vulnerabilities, and collaborate to form a united front against emerging threats. Only through these collective efforts can the security of UEFI and the overall cyber landscape be effectively strengthened.
<< photo by George Becker >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- The Cat and Mouse Game: Malicious Apps Outsmart Google Play Store Scanners
- AI Advancements Fuel Cybercrime Innovation
- The Rise of the Hacktivists: Cult of the Dead Cow Pioneers ‘Privacy-First’ App Framework
- The Rise of AVrecon: How a SOHO Router Botnet Infects Thousands of Devices Worldwide
- Cloud Battle: Orca Claims Intellectual Property Theft by Wiz
- An In-Depth Look at the PicassoLoader Malware: Ongoing Attacks in Ukraine and Poland
- Raising Cybersecurity Awareness: Jericho Security Secures $3 Million for AI-Powered Training
- The Looming Threat: Analyzing the 670 ICS Vulnerabilities Revealed by CISA
