IVIZ


Security Research: Publications

iViZ is proud to share some of its cutting-edge research with other members of the Security Research Community. Some of the material we recently made public can be downloaded from this page.

What do I find here?

We have identified a number of software products that are vulnerable to the class of attack discussed in our research paper "Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer", presented at Defcon 16. To help users and researchers keep track of vulnerable and non-vulnerable software and fixes, we maintain on this page a list of software known to be vulnerable or not vulnerable to this class of attack. If you discover new software vulnerable to this attack, we would appreciate it if you let us know by sending a mail to security [at] iviztechnosolutions [dot] com

I am a programmer, how do I fix the vulnerability?

Mitigating the vulnerability all at once for all software is, to the best of our knowledge, not possible. Ideally, software developers should sanitize the BIOS keyboard buffer inside the BIOS Data Area before and after reading user input. A generic bootloader sample in 16-bit real-mode assembly is provided below.

Bootloader generic patch example
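
The sanitize-before-and-after pattern described above, as an added example in C operating on an in-memory copy of the BIOS Data Area; it is not the iViZ bootloader patch. The offsets are the standard PC BDA layout, while the function names, sample_bda and the fake keyboard read are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Standard PC BIOS Data Area offsets (segment 0x40, physical 0x400). */
#define KBD_HEAD 0x1A /* word: offset of next keystroke to read */
#define KBD_TAIL 0x1C /* word: offset of next free slot         */
#define KBD_BUF  0x1E /* 32-byte ring: 16 x (ASCII, scan code)  */
#define KBD_LEN  32

uint8_t sample_bda[256]; /* constructed BDA image, zero-initialised */

/* Zero the ring and mark it empty (head == tail == start of ring).
 * volatile stores keep the compiler from dropping the wipe. */
void bda_kbd_sanitize(volatile uint8_t *bda)
{
    for (size_t i = 0; i < KBD_LEN; i++)
        bda[KBD_BUF + i] = 0;
    bda[KBD_HEAD] = KBD_BUF; bda[KBD_HEAD + 1] = 0;
    bda[KBD_TAIL] = KBD_BUF; bda[KBD_TAIL + 1] = 0;
}

/* Number of ring bytes still non-zero; 0 means no keystroke residue. */
size_t bda_kbd_residue(const volatile uint8_t *bda)
{
    size_t n = 0;
    for (size_t i = 0; i < KBD_LEN; i++)
        n += bda[KBD_BUF + i] != 0;
    return n;
}

/* Constructed stand-in for a BIOS keyboard read: every key consumed
 * leaves its (ASCII, scan code) pair behind in the ring. */
static void fake_bios_read(uint8_t *bda)
{
    const char keys[] = "demo"; /* constructed sample input */
    for (size_t i = 0; i < sizeof keys - 1; i++) {
        bda[KBD_BUF + 2 * i] = (uint8_t)keys[i];
        bda[KBD_BUF + 2 * i + 1] = 0x1E; /* placeholder scan code */
    }
}

/* Hypothetical password prompt; returns residue left after the prompt. */
size_t prompt_residue(uint8_t *bda, int wipe)
{
    if (wipe) bda_kbd_sanitize(bda); /* before reading input */
    fake_bios_read(bda);             /* password is typed here */
    if (wipe) bda_kbd_sanitize(bda); /* after reading input */
    return bda_kbd_residue(bda);
}
```

In a real bootloader the pointer would be physical address 0x400, and the wipe should run with interrupts disabled so the keyboard interrupt handler cannot update the ring mid-wipe.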

I am a GNU/Linux user, how do I mitigate the vulnerability?

We have developed a partial fix for GNU/Linux users that sanitizes the BIOS keyboard buffer during early kernel setup. This fix is not perfect: as stated in the whitepaper, it does not prevent instrumentation of the BIOS keyboard buffer by a rogue bootloader (for instance, to reboot the computer). It does, however, at least partially fix the plain text password leakage, independently of which vulnerable BIOS or bootloader password is used.

Partial Kernel Fix
 
List of vulnerable software

Microsoft Vista's Bitlocker with TPM and password based authentication enabled under Microsoft Vista Ultimate Edition

Truecrypt 5.0 for Windows

DiskCryptor 0.2.6 for Windows and prior

Secu Star DriveCrypt Plus Pack v3.9 and prior

Grub Legacy (GNU GRUB 0.97) and prior

Lilo version 22.6.1 and prior

Award BIOS Modular 4.50pg (CVE-2005-4176)

Insyde BIOS V190 (CVE-2005-4175)

Intel Corp BIOS PE94510M.86A.0050.2007.0710.1559 (07/10/2007)

Hewlett-Packard BIOS 68DTT Ver. F.0D (11/22/2005)

IBM Lenovo BIOS 7CETB5WW v2.05 (10/13/2006)

List of non-vulnerable software

Microsoft Vista's Bitlocker with TPM and password based authentication enabled under Microsoft Vista Ultimate Edition with Service Pack 1

Hewlett-Packard BIOS F.20 (04/15/2005)

Hewlett-Packard BIOS F.05 (08/14/2006)

Phoenix BIOS Version F.0B, 7/3/2006

Phoenix Technologies BIOS LTD R0220Q0 (25-05-2007)

SafeGuard 4.40 for Windows

PGP Desktop Professional 9.8 for Windows