--3KB of code is all that's needed to take control of your PC-- Researchers at a recent hackers' conference have shown how it's possible
to take control of a Windows 7 machine during its boot sequence.
Demonstrating the code at the recent Hack In The Box event in Dubai,
security researchers Vipin Kumar and Nitin Kumar used a piece of code
called VBootkit 2.0 to take full control of a Windows 7 machine during the
booting up process.
Based on the principle that Windows 7 is meant to be safe from attack
during the boot up process, the duo showed that the code, which is only
3KB in size, could actually easily be run while the OS is starting up.
The attacker can then gain remote access to the computer and can change
files around with the highest level of administrator privileges, and then
return the system to its original passwords to leave the hack undetected.
Unfixable
"There's no fix for this. It cannot be fixed. It's a design problem," said
Vipin Kumar when demonstrating the tool.
However, the threat of the software is apparently nowhere near as great as
with other internet-based hacks and viruses, as it requires the hacker to
be present with the PC.
The VBootkit 2.0 software is almost undetectable on the machine as well,
as it focuses on altering files in the boot up process, although when the
computer is restarted the files are wiped.
By Gareth Beavis
No comments:
Post a Comment