PKfail Secure Boot bypass remains a significant risk two months later


Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks.

Known as ‘PKfail,’ and now tracked as CVE-2024-8105, the supply chain attack is caused by a test Secure Boot master key (the Platform Key, “PK”), which computer vendors were supposed to replace with their own securely generated keys.

Even though these keys were marked as “DO NOT TRUST,” they were still used by numerous computer manufacturers, including Acer, Dell, Fujitsu, Gigabyte, HP, Intel, Lenovo, Phoenix, and Supermicro.
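A defender's first question on any Linux machine is whether its own Platform Key is one of these test keys. The script below is an added example, not code from the article or from Binarly: it parses the EFI_SIGNATURE_LIST structure that the PK variable is stored in (as exposed through efivarfs, which prepends a 4-byte attribute word) and flags any X.509 entry whose DER bytes carry the “DO NOT TRUST” marker the article describes. The marker check is a plain byte scan of the certificate, not a full X.509 parse, which is enough for this marker because the subject's printable string is stored verbatim in DER. The two sample variables at the bottom are constructed here for illustration; their certificate payloads are placeholder bytes, not real certificates, and the variable path is the standard efivarfs location for PK.

```python
"""Check a UEFI Platform Key (PK) variable for the 'DO NOT TRUST' test-key marker."""
import struct
import uuid

# Signature type for entries that carry a DER-encoded X.509 certificate.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Marker present in the subject of the vendor test keys described in the PKfail report.
TEST_KEY_MARKER = b"DO NOT TRUST"
# efivarfs prepends a 4-byte little-endian attribute word to every variable's data.
EFIVARFS_ATTR_LEN = 4
# Standard efivarfs path of the PK variable (EFI_GLOBAL_VARIABLE GUID).
PK_EFIVARFS_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_signature_lists(data):
    """Walk a chain of EFI_SIGNATURE_LIST structures.

    Each list is: SignatureType GUID (16) | SignatureListSize (4) | SignatureHeaderSize (4)
    | SignatureSize (4) | optional header | N signatures, each SignatureOwner GUID (16) + payload.
    Returns a list of (signature_type, owner, payload) tuples.
    """
    entries = []
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        end = off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append((sig_type, owner, data[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries


def classify_pk(raw, from_efivarfs=True):
    """Return one finding dict per signature entry; 'test_key' is True when the marker is present."""
    body = raw[EFIVARFS_ATTR_LEN:] if from_efivarfs else raw
    findings = []
    for sig_type, owner, payload in parse_signature_lists(body):
        is_x509 = sig_type == EFI_CERT_X509_GUID
        findings.append({
            "type": "X509" if is_x509 else str(sig_type),
            "owner": str(owner),
            "payload_len": len(payload),
            # Byte scan of the DER certificate; the subject's printable string is stored verbatim.
            "test_key": is_x509 and TEST_KEY_MARKER in payload,
        })
    return findings


def build_x509_signature_list(owner, der_cert):
    """Build a single-entry EFI_SIGNATURE_LIST holding one X.509 certificate (used for samples)."""
    sig_size = 16 + len(der_cert)
    return (EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
            + owner.bytes_le + der_cert)


# Constructed samples: placeholder "certificate" bytes, not real DER, behind a fake attribute word.
_ATTRS = struct.pack("<I", 0x27)
CONSTRUCTED_TEST_PK = _ATTRS + build_x509_signature_list(
    uuid.UUID(int=1), b"\x30\x82\x01\x00 CN=DO NOT TRUST - Vendor Test PK \x00")
CONSTRUCTED_PROD_PK = _ATTRS + build_x509_signature_list(
    uuid.UUID(int=2), b"\x30\x82\x01\x00 CN=Vendor Production Platform Key \x00")


if __name__ == "__main__":
    try:
        with open(PK_EFIVARFS_PATH, "rb") as fh:
            raw = open_data = fh.read()
    except OSError as exc:
        raise SystemExit("cannot read PK variable (%s); run on a UEFI Linux host as root" % exc)
    for f in classify_pk(raw):
        print("%s owner=%s len=%d %s" % (f["type"], f["owner"], f["payload_len"],
                                          "TEST KEY - PKfail exposure" if f["test_key"] else "ok"))
```

Run it as root on a UEFI Linux host; a `TEST KEY` line means the firmware still ships a non-production PK and the vendor's PKfail advisory applies. An `ok` result only rules out the marker string, not a leaked production key, so it complements rather than replaces the Binarly scanner mentioned below.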

The issue was discovered by Binarly in late July 2024, which warned about the use of untrusted test keys, many already leaked on GitHub and other locations, on over eight hundred consumer and enterprise device models.

PKfail could allow threat actors to bypass Secure Boot protections and plant undetectable UEFI malware on vulnerable systems, leaving users no way to defend or even discover the compromise.

PKfail impact and response

As part of their research, Binarly released a “PKfail scanner,” which vendors can use to upload their firmware images to see if they’re using a test key.

Since its release, the scanner has found 791 vulnerable firmware submissions out of 10,095, according to the latest metrics.

“Based on our data, we found PKfail and non-production keys on medical devices, desktops, laptops, gaming consoles, enterprise servers, ATMs, POS terminals, and some weird places like voting machines,” reads the new report by Binarly.

The majority of the vulnerable submissions are keys from AMI (American Megatrends Inc.), followed by Insyde (61), Phoenix (4), and one submission from Supermicro.

[Figure: Firmware images scanned over time. Source: Binarly]

For the Insyde keys, which were generated in 2011, Binarly says that the firmware image submissions reveal they’re still used in modern devices. Previously, it was assumed that they were only to be found in legacy systems.

The community has also confirmed that PKfail impacts specialized devices from Hardkernel, Beelink, and Minisforum, so the flaw’s impact is broader than first estimated.

Binarly comments that vendor response to PKfail has generally been proactive and swift, though not everyone quickly published advisories about the security risk. Bulletins on PKfail are currently available from Dell, Fujitsu, Supermicro, Gigabyte, Intel, and Phoenix.

Several vendors have already released patches or firmware updates to remove vulnerable Platform Keys or replace them with production-ready cryptographic materials, and users can get those by updating their BIOS.

If your device is no longer supported and is unlikely to receive security updates for PKfail, it is recommended that physical access to it be limited and that it be isolated from more critical parts of the network.
