The blogosphere is atwitter with news of an unfixable Windows 7 hack being shown off at Hack in the Box by Vipin and Nitin Kumar. The exploit, VBootkit 2.0, the sequel to VBootkit 1.0, is reasonably sophisticated. It boots off of removable media, reads the MBR, and then loads the OS, compromising OS files in memory to do all sorts of nefarious stuff. I haven’t found the whitepaper to 2.0 yet, but you can read the whitepaper to 1.0 here. 1.0 essentially targeted Vista, while 2.0 goes after Windows 7.
Now this is a pretty clever little exploit, but it isn’t an OS exploit. It targets one of the great maxims of computer security: if the system is compromised before your code runs, you cannot definitively restore integrity, or put another way, he whose code runs first wins. Windows code does not have an exploitable vulnerability here, other than the assumption that the system booted securely, an assumption that *has* to be made. The Kumars deserve recognition for very effectively exploiting this assumption, but their actual attack vector is nothing novel.
We can continue to increase the pre-boot integrity controls and increase the sophistication necessary to access the machine, but physical access is still one of the easier ways to get into a box. That isn’t a problem that is going to be solved soon.
~ Joshbw