It may have a fun name, but this new security vulnerability is no laughing matter. Researchers have discovered a bug in the software that runs before any operating system has even started, one that could give an attacker near-total control of a computer. And while Linux machines are the direct target of BootHole, almost every Windows PC sold in the past decade is exposed as well, and a compromise of this kind leaves almost no telltale sign on the system.
At the heart of the vulnerability is the computer's boot process and the UEFI Secure Boot mechanism that is meant to protect it. Whether the device is a PC or a phone, a piece of software called the boot loader loads the operating system itself, or any recovery environment that needs to run. UEFI Secure Boot was developed to protect this stage: the firmware checks that each boot loader and driver is signed by a key it trusts before running it, and keeps a revocation list (the dbx variable) of known-bad binaries and certificates that it refuses to run even when they carry a valid signature.
The problem arises when the boot loader itself contains an exploitable bug, as is the case with GRUB2, the boot loader used by almost every Linux distribution. BootHole is a buffer overflow in GRUB2's parsing of its configuration file, grub.cfg, which is not covered by the signature on the GRUB2 binary, so anyone who can edit that file can run arbitrary code inside the boot loader. A boot loader runs before the operating system and with more privilege than root or Administrator, and the only check Secure Boot applies to it is that its code is signed by a trusted key. If an attacker can swap in a version that is validly signed but vulnerable, Secure Boot no longer provides any real protection.
Unfortunately, BootHole does not affect only Linux systems. Because managing certificates for every firmware component, driver and boot loader would be a logistical nightmare, the industry settled on a small number of certificate authorities (CAs) to sign this software, of which Microsoft's third-party UEFI CA is by far the most widely trusted. Linux distributions ship a small first-stage loader (shim) signed by that CA, which in turn hands off to GRUB2. Any computer whose firmware trusts Microsoft's third-party UEFI CA will therefore boot a vulnerable GRUB2 without complaint, whether or not Linux was ever installed on it, and that covers almost every PC sold in recent years.
Eclypsium, the security firm that reported the vulnerability, is calling for an industry-wide effort to update and re-sign the affected software, which it admits could take years to complete. There is no reason to panic, however: there are smaller steps that can be taken to protect a computer until the permanent fixes are in place.
These mitigations include installing the security updates that OEMs and Linux distributions have released for the issue. They also mean taking extra care when running unknown programs with administrative privileges, because administrative access to the machine is what an attacker needs in order to write a vulnerable GRUB2 and its configuration to the EFI system partition in place of a patched one. Pulling this off on Windows takes more work than on Linux, but that is no reason to relax.
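The permanent fix described above works through the dbx revocation list: a firmware update (or an OS-delivered dbx update) adds the hashes and certificates of the vulnerable binaries to dbx, after which the firmware refuses to run them even though their signatures are still valid. Whether a given machine has actually received such an update can be checked by parsing the dbx variable. The following script is an added example, not code from the article or from Eclypsium; it parses the EFI_SIGNATURE_LIST structures that make up dbx (as Linux exposes them through efivarfs, with a 4-byte attribute prefix) and checks whether the SHA-256 of a boot loader image appears among the revoked hashes. The two image byte strings, the owner GUID and the sample dbx blob are constructed for the demonstration and are not the real BootHole revocation entries.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification (EFI_SIGNATURE_LIST.SignatureType).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Sizes fixed by the spec: a 16-byte GUID plus three uint32 fields in the list header,
# and a 16-byte SignatureOwner GUID in front of every EFI_SIGNATURE_DATA entry.
SIG_LIST_HEADER = 28
SIG_OWNER_LEN = 16
EFIVARFS_ATTR_LEN = 4  # efivarfs prefixes each variable's data with its attribute word


def parse_signature_lists(data):
    """Return [(signature_type, owner, payload)] for every entry in a db/dbx blob.

    The blob is a concatenation of EFI_SIGNATURE_LIST structures; each one holds
    entries of a single type (SHA-256 hashes, X.509 certificates, ...).
    """
    entries = []
    off = 0
    while off < len(data):
        if len(data) - off < SIG_LIST_HEADER:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < SIG_LIST_HEADER + hdr_size or off + list_size > len(data):
            raise ValueError("bad SignatureListSize at offset %d" % off)
        body = data[off + SIG_LIST_HEADER + hdr_size:off + list_size]
        if sig_size <= SIG_OWNER_LEN or len(body) % sig_size:
            raise ValueError("bad SignatureSize at offset %d" % off)
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + SIG_OWNER_LEN])
            entries.append((sig_type, owner, bytes(body[i + SIG_OWNER_LEN:i + sig_size])))
        off += list_size
    return entries


def load_efivar(raw):
    """Strip the 4-byte attribute word that efivarfs prepends to a variable's contents."""
    if len(raw) < EFIVARFS_ATTR_LEN:
        raise ValueError("efivarfs variable too short")
    return raw[EFIVARFS_ATTR_LEN:]


def image_revoked(image, dbx_entries):
    """True if the SHA-256 of the image is listed as an EFI_CERT_SHA256 entry in dbx."""
    digest = hashlib.sha256(image).digest()
    return any(t == EFI_CERT_SHA256_GUID and payload == digest for t, _, payload in dbx_entries)


def build_sha256_list(hashes, owner):
    """Encode SHA-256 hashes as one EFI_SIGNATURE_LIST (used here only to build the sample)."""
    sig_size = SIG_OWNER_LEN + 32
    body = b"".join(owner.bytes_le + h for h in hashes)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack(
        "<III", SIG_LIST_HEADER + len(body), 0, sig_size)
    return header + body


def dbx_status(var_bytes, image):
    """(number of sha256 entries, number of x509 entries, image revoked?) for a dbx variable."""
    entries = parse_signature_lists(load_efivar(var_bytes))
    sha_count = sum(1 for t, _, _ in entries if t == EFI_CERT_SHA256_GUID)
    x509_count = sum(1 for t, _, _ in entries if t == EFI_CERT_X509_GUID)
    return sha_count, x509_count, image_revoked(image, entries)


# Constructed sample: two byte strings stand in for a vulnerable and a patched grubx64.efi,
# and a hypothetical owner GUID stands in for whoever issued the revocation.
OLD_GRUB = b"constructed stand-in for a vulnerable GRUB2 image"
NEW_GRUB = b"constructed stand-in for a patched GRUB2 image"
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
# A dbx blob as efivarfs would return it: attribute word (NV|BS|RT|TIME_BASED_AUTH), then the
# signature list. Only OLD_GRUB's hash is revoked; these are not the real BootHole entries.
SAMPLE_DBX_VAR = struct.pack("<I", 0x27) + build_sha256_list(
    [hashlib.sha256(OLD_GRUB).digest()], SAMPLE_OWNER)


if __name__ == "__main__":
    import sys
    # On a real Linux system pass the efivarfs path of dbx and the boot loader to check, e.g.
    #   /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f /boot/efi/EFI/<distro>/grubx64.efi
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            var = f.read()
        with open(sys.argv[2], "rb") as f:
            img = f.read()
    else:
        var, img = SAMPLE_DBX_VAR, OLD_GRUB
    print("dbx: %d sha256 entries, %d x509 entries; image revoked: %s" % dbx_status(var, img))
```

A dbx that contains only the handful of entries the machine shipped with, and no hash of the old boot loader, is a sign that the firmware has not yet received the revocations; a dbx entry for an image that is still installed on the EFI system partition means the machine will stop booting until the image is replaced, which is why the updates are being rolled out cautiously. Real dbx updates also carry X.509 entries, which the parser reports by count but does not evaluate against a certificate chain.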