Malware Sets Precedent as First Linux-Focused UEFI Bootkit

Bootkitty, the first known UEFI bootkit aimed at Linux, is a proof of concept developed by students of Korea's Best of the Best (BoB) cybersecurity training program; ESET researchers identified and analysed the sample after it was uploaded to VirusTotal in November 2024. The project demonstrates how LogoFAIL (CVE-2023-40238), an image-parsing flaw in Insyde UEFI firmware disclosed in 2023, can be exploited to bypass Secure Boot on Linux machines.

The proof of concept embeds shellcode in a BMP boot-logo image. When vulnerable firmware parses the image during boot, an out-of-bounds write in the image decoder redirects execution to the shellcode, which injects a rogue certificate into the Machine Owner Key (MOK) list so that the attacker's self-signed bootloader passes Secure Boot verification. Planting the logo requires write access to the EFI System Partition, so the attacker already needs root on the target; the bypass buys persistence below the operating system, not initial access. The sample is hard-coded for specific Ubuntu versions and was tested mainly on Lenovo devices with Insyde firmware, but the same firmware flaw affects unpatched systems from other manufacturers, including Acer, HP and Fujitsu.
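To make the bug class concrete, here is an added example (written for this article, not Insyde's firmware code and not Bootkitty's payload): a toy BMP RLE8 decoder in the shape of a firmware boot-logo parser, first trusting the run counts read from the image and then with the bounds check that LogoFAIL-class bugs lack. The two sample images, the fixed 4x2 canvas, the canary region and every function name are constructed for the demonstration; the actual CVE-2023-40238 code path is not reproduced.

```c
/* Toy model of a firmware BMP boot-logo decoder (RLE8), unchecked and hardened.
 * Constructed example: not Insyde's DXE driver and not Bootkitty's payload. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOGO_W 4                       /* canvas the "firmware" allocates for the logo */
#define LOGO_H 2
#define LOGO_PIXELS (LOGO_W * LOGO_H)
#define CANARY_LEN 16                  /* guard bytes after the canvas to catch overflow */
#define CANARY_BYTE 0xAA

/* Constructed RLE8 streams: (count,value) runs, (0,0)=end of line, (0,1)=end of bitmap.
 * The benign stream encodes exactly 4x2 pixels; the hostile one adds a 12-pixel run. */
static const uint8_t BENIGN_RLE[] = { 4, 0x11, 0, 0, 4, 0x22, 0, 1 };
static const uint8_t EVIL_RLE[]   = { 4, 0x11, 0, 0, 4, 0x22, 12, 0xFF, 0, 1 };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Wrap an RLE8 stream in BITMAPFILEHEADER + BITMAPINFOHEADER (54 bytes, palette omitted). */
static size_t build_bmp(const uint8_t *rle, size_t rle_len, uint8_t *out, size_t cap) {
    size_t total = 54 + rle_len;
    if (total > cap) return 0;
    memset(out, 0, 54);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, (uint32_t)total);     /* bfSize */
    wr32(out + 10, 54);                 /* bfOffBits: pixel data follows the headers */
    wr32(out + 14, 40);                 /* biSize */
    wr32(out + 18, LOGO_W);             /* biWidth */
    wr32(out + 22, LOGO_H);             /* biHeight */
    out[26] = 1; out[28] = 8;           /* biPlanes, biBitCount */
    wr32(out + 30, 1);                  /* biCompression = BI_RLE8 */
    memcpy(out + 54, rle, rle_len);
    return total;
}

typedef struct { int32_t width, height; uint32_t data_off, compression; uint16_t bpp; } bmp_hdr;

static int parse_header(const uint8_t *f, size_t n, bmp_hdr *h) {
    if (n < 54 || f[0] != 'B' || f[1] != 'M') return -1;
    h->data_off = rd32(f + 10);
    h->width = (int32_t)rd32(f + 18);
    h->height = (int32_t)rd32(f + 22);
    h->bpp = (uint16_t)(f[28] | f[29] << 8);
    h->compression = rd32(f + 30);
    return h->data_off > n ? -1 : 0;
}

/* Unchecked decoder: the run count comes from the file and is written as-is.
 * pos + count is never compared with the canvas size, the LogoFAIL bug class. */
static size_t decode_rle8_unchecked(const uint8_t *d, size_t n, uint8_t *canvas) {
    size_t i = 0, pos = 0;
    while (i + 1 < n) {
        uint8_t count = d[i], val = d[i + 1];
        i += 2;
        if (count == 0) { if (val == 0) continue; break; }  /* EOL, else EOB/unsupported */
        memset(canvas + pos, val, count);                   /* BUG: unbounded write */
        pos += count;
    }
    return pos;
}

/* Hardened decoder: capacity is an input and each run is bounded before the write.
 * Returns pixels written, or -1 for any stream that does not fit or ends early. */
static int decode_rle8_checked(const uint8_t *d, size_t n, uint8_t *canvas, size_t cap) {
    size_t i = 0, pos = 0;
    while (i + 1 < n) {
        uint8_t count = d[i], val = d[i + 1];
        i += 2;
        if (count == 0) { if (val == 0) continue; return val == 1 ? (int)pos : -1; }
        if (count > cap - pos) return -1;                   /* would overrun the canvas */
        memset(canvas + pos, val, count);
        pos += count;
    }
    return -1;                                              /* no end-of-bitmap marker */
}

/* Run the unchecked decoder into canvas+canary; returns canary bytes clobbered (0 = no overflow).
 * Safe only for the streams above, whose overflow stays inside the canary region. */
int overflow_bytes_unchecked(const uint8_t *rle, size_t rle_len) {
    uint8_t file[128], buf[LOGO_PIXELS + CANARY_LEN];
    bmp_hdr h;
    size_t n = build_bmp(rle, rle_len, file, sizeof file);
    if (n == 0 || parse_header(file, n, &h) != 0) return -1;
    memset(buf, CANARY_BYTE, sizeof buf);
    decode_rle8_unchecked(file + h.data_off, n - h.data_off, buf);
    int clobbered = 0;
    for (size_t k = LOGO_PIXELS; k < sizeof buf; k++) clobbered += buf[k] != CANARY_BYTE;
    return clobbered;
}

/* Run the hardened path: header fields must match the allocated canvas, then decode. */
int pixels_checked(const uint8_t *rle, size_t rle_len) {
    uint8_t file[128], canvas[LOGO_PIXELS];
    bmp_hdr h;
    size_t n = build_bmp(rle, rle_len, file, sizeof file);
    if (n == 0 || parse_header(file, n, &h) != 0) return -1;
    if (h.compression != 1 || h.bpp != 8 || h.width != LOGO_W || h.height != LOGO_H) return -1;
    return decode_rle8_checked(file + h.data_off, n - h.data_off, canvas, sizeof canvas);
}

int main(void) {
    printf("benign:  unchecked clobbered %d canary bytes, checked decoded %d pixels\n",
           overflow_bytes_unchecked(BENIGN_RLE, sizeof BENIGN_RLE), pixels_checked(BENIGN_RLE, sizeof BENIGN_RLE));
    printf("hostile: unchecked clobbered %d canary bytes, checked returned %d\n",
           overflow_bytes_unchecked(EVIL_RLE, sizeof EVIL_RLE), pixels_checked(EVIL_RLE, sizeof EVIL_RLE));
    return 0;
}
```

Build with `cc -std=c99 bmp_rle.c`. On the hostile stream the unchecked decoder writes 12 bytes past the canvas (into the canary here; in firmware, into whatever happens to follow the allocation, which is what an exploit turns into control of execution), while the hardened decoder rejects the same stream before the first out-of-bounds write. The header check in the hardened path matters too: a decoder must size its buffer from the header and then refuse any pixel data that does not fit, rather than trusting either field alone.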

Though Bootkitty has not been seen in real attacks, it shows why firmware updates must be applied promptly and why the following measures matter:
– Keeping UEFI firmware patched: on unpatched LogoFAIL-affected firmware, Secure Boot alone does not stop this technique
– Enabling Secure Boot
– Password-protecting UEFI/BIOS settings so that the boot order and Secure Boot state cannot be changed by a local user
– Controlling physical device access
– Using only official firmware updates from the device vendor
– Checking the enrolled Machine Owner Key (MOK) list (for example with mokutil --list-enrolled on Ubuntu) for certificates you did not enrol

This academic project serves as a valuable demonstration of UEFI security concepts and underscores the importance of addressing firmware vulnerabilities promptly.
