How to Bypass Verified Boot Security in Chromium OS

02/23/2012

∙

Verified boot is an interesting feature of Chromium OS that supposedly can detect any modification in the root file system (rootfs) by a dedicated adversary. However, by exploiting a design flaw in verified boot, we show that an adversary can replace the original rootfs by a malicious rootfs containing exploits such as a spyware or keylogger and still pass the verified boot process. The exploit is based on the fact that a dedicated adversary can replace the rootfs and the corresponding verification information in the bootloader. We experimentally demonstrate an attack using both the base and developer version of Chromium OS in which the adversary installs a spyware in the target system to send cached user data to the attacker machine in plain text which are otherwise encrypted, and thus inaccessible. We also demonstrate techniques to mitigate this vulnerability.

READ FULL TEXT

How to Bypass Verified Boot Security in Chromium OS

Secure Logging with Security against Adaptive Crash Attack

How Much Does GenoGuard Really "Guard"? An Empirical Analysis of Long-Term Security for Genomic Data

A Tale of HodgeRank and Spectral Method: Target Attack Against Rank Aggregation Is the Fixed Point of Adversarial Game

Downgrade Attack on TrustZone

A computation of D(9) using FPGA Supercomputing

The Maestro Attack: Orchestrating Malicious Flows with BGP

Randomized Consensus with Regular Registers

How to Bypass Verified Boot Security in Chromium OS

Related Research

Secure Logging with Security against Adaptive Crash Attack

How Much Does GenoGuard Really "Guard"? An Empirical Analysis of Long-Term Security for Genomic Data

A Tale of HodgeRank and Spectral Method: Target Attack Against Rank Aggregation Is the Fixed Point of Adversarial Game

Downgrade Attack on TrustZone

A computation of D(9) using FPGA Supercomputing

The Maestro Attack: Orchestrating Malicious Flows with BGP

Randomized Consensus with Regular Registers