Thursday, August 13, 2015

The Hacker's Paradise: Windows Platform Binary Table

It has been common knowledge, for a least a while, that certain nation states have a well organized and effective program for installing backdoors and spyware.

But then the Lenovo Crapware hack came to light, linked to a feature called the WPBT.

What's disturbing to about the Windows Platform Binary Table is that there seems to be evidence that although this feature is supposed to be a Windows 8 & 10 feature,  Windows 7 was somehow affected too.  What's the take away?
Using publicly available information and Lenovo's removal tool, average criminal can now craft an exploit that will load a binary into your firmware that will execute on every boot.
Macs have had a similar problem exposed recently - but that was an unintended feature (aka - a bug).  However, the WPBT - which provides the same functionality as the Mac bug - is an intended feature.  Granted, it was supposed to be used for benign purposes, such as maintaining anti-theft software, but just as power corrupts, enabling this kind of architecture only enables the aforementioned - and perhaps untold - hacks.

It all makes me wonder how long this has actually been happening, seeing we already know that the U.S. Gov't has been intercepting systems and installing their spyware for some time now?

No comments:

Post a Comment