Security team shows unfixable Windows 7 hack
updated 01:40 pm EDT, Thu April 23, 2009
Windows 7 hack program
At the Hack In The Box (HITB) Security Conference in Dubai on Thursday, security researchers demonstrated how software they developed can already take advantage of a design problem with the upcoming Windows 7 operating system, allowing them to hack into the system. VBootkit 2.0, created by researchers Vipin Kumar and Nitin Kumar, was used to demonstrate how hackers can take control of a Windows 7 computer while it's booting up. Unlike most exploits, though, the attack is said inherent to Windows 7 and may likely remain with the OS until it's replaced.
"There's no fix for this. It cannot be fixed. It's a design problem," Vipin said, though the attack cannot be done remotely and requires that hackers have physical access to a PC.
The program is just 3KB big and lets attackers change files that are loaded into system memory during the boot process. Because nothing is changed on the hard disk itself, VBootkit 2.0 is hard to detect, Vipin says. Also, rebooting the computer gets rid of the security issue, as system memory is cleared during the process.
Via the software, hackers can remotely control the targeted computer and change their access level to the highest possible. Passwords can also be removed, letting hackers access a victim's files. What's more, the password is restored, so victims are unaware their security was breached.
As the name implies, VBootkit 2.0 is the second such program developed by Vipin and Nitin, as the original was demonstrated back in 2007 and exposed a vulnerability in Windows Vista.
Microsoft hasn't commented on the exploit. [via NetworkWorld]
Windows 8!!!
04/23, 01:56pm reply
Never fear, Windows 8 will be the bestest ever! Really, this time for sure!
But seriously, is this a real threat? It requires physical access to the computer. There's all sorts of mischief which can be done if one has physical access to a targeted computer.
climacs
Fresh-Faced Recruit
Joined: Sep 2001
also...
04/23, 01:58pm reply
OK it loads when booting up. How does it help to re-boot, then? Even if it is cleared from system memory? Am I missing something here?
climacs
Fresh-Faced Recruit
Joined: Sep 2001
PhysicalAccessExploit
04/23, 02:06pm reply
C'mon guys. The attacker has to have physical access to the machine for this to work. You might as well come up with a story that Win7 machines are vulnerable to being picked up and carried away.
The real stories are the remote exploits. More like those please.
Wingsy
Fresh-Faced Recruit
Joined: Apr 2005
Yup
04/23, 02:21pm reply
I came out with a great virus. It's pre-loaded on some RAM i have.. all I have to do is install the RAM in someone's machine and it's mine... as long as they dont restart it!!
eldarkus
Fresh-Faced Recruit
Joined: Feb 2004
wow
04/23, 02:23pm (1 reply) reply
With physical access you can rig a machine so that everytime it boots you 0wNz it!
Who would have thought!???
How is this even news?
DeezNutts
Fresh-Faced Recruit
Joined: Apr 2008
A new Windows virus
04/23, 02:29pm reply
I have created a trojan which can automatically create a new user account on a computer, delete any and all files, and direct a computer's browser to unsafe sites provided that it has physical access to a targeted computer.
It's called 'a human being'.
climacs
Fresh-Faced Recruit
Joined: Sep 2001
Corporate
04/23, 02:34pm (1 reply) reply
This flaw has big impact to corporate users where IT departments need to control the rights employees have on the machines. Imagine a disgruntled employee coming in early, booting up his coworkers' desktop PCs, installing spyware and gathering his coworkers' passwords and other data.
This is a big deal.
hayesk
Professional Poster
Joined: Sep 1999
Complete nonesense
04/23, 02:48pm reply
This is a non-issue. As others have said, this would require physically sitting at the PC and installing a root kit. Also any corporation worth it's salt is going to have it's PCs locked down so that nobody can just sit down and install a root kit.
phpmaven
Fresh-Faced Recruit
Joined: Jan 2009
I guess
04/23, 02:55pm reply
these guys had to justify the cost of going to Dubai in order to discuss computer security...
climacs
Fresh-Faced Recruit
Joined: Sep 2001
how
04/23, 04:07pm reply
How does the software get in system memory to run if the system memory is wiped on boot?
Sounds like one of those "If someone freezes the memory...." exploits.
Hey, they're just lucky they didn't do this on a Mac. They'd been creamed. Although they technically didn't do it on a PC, either, they did it in a virtual machine.
testudo
Fresh-Faced Recruit
Joined: Aug 2001