
Insider Threat Matrix™

  • ID: PV031
  • Created: 24th July 2024
  • Updated: 24th July 2024
  • Platforms: MacOS, Windows, Linux, iOS, Android
  • Contributor: The ITM Team

Bootloader Password

First-stage bootloaders such as BIOS (Basic Input/Output System) and UEFI (Unified Extensible Firmware Interface), or second-stage bootloaders such as GNU GRUB (GNU GRand Unified Bootloader) and iBoot, generally provide the ability to configure a bootloader password as a security measure. This password restricts access to the computer’s firmware settings and, in some cases, the boot process.

When a bootloader password is set, it is stored in non-volatile memory within the firmware. When the system is powered on and the bootloader settings are selected, the bootloader prompts the user to enter the password before allowing access to the firmware settings, thereby preventing unauthorized users from altering system settings or booting from unauthorized devices.
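An added example (not part of the ITM entry or of the GRUB project): for the GRUB case named above, a short Python audit that checks whether a grub.cfg actually enforces a password and which menu entries still boot without one. It relies on GRUB 2's `superusers`, `password`, `password_pbkdf2`, `--unrestricted` and `--users` directives; the function name `audit_grub_cfg` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample grub.cfg fragment; salt and hash are placeholders.
SAMPLE_CFG = '''
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.<SALT-PLACEHOLDER>.<HASH-PLACEHOLDER>
password operator hunter2
menuentry "Linux" --unrestricted {
    linux /vmlinuz root=/dev/sda1
}
menuentry "Recovery shell" --users operator {
    linux /vmlinuz single
}
menuentry "Firmware setup" {
    fwsetup
}
'''

def audit_grub_cfg(text):
    """Hypothetical helper: return (findings, entries) for a grub.cfg string."""
    findings, entries = [], {}
    m = re.search(r'^\s*set\s+superusers\s*=\s*"?([^"\n]*)"?', text, re.M)
    # GRUB accepts spaces, commas, semicolons, pipes or ampersands as separators.
    names = m.group(1).strip() if m else ""
    superusers = re.split(r'[\s,;&|]+', names) if names else []
    hashed = set(re.findall(r'^\s*password_pbkdf2\s+(\S+)\s+\S+', text, re.M))
    plain = set(re.findall(r'^\s*password\s+(\S+)\s+\S+', text, re.M))
    if not superusers:
        findings.append("no superusers set: menu editing and GRUB console are open")
    for user in superusers:
        if user not in hashed | plain:
            findings.append(f"superuser {user!r} has no password directive")
    for user in sorted(plain):
        findings.append(f"user {user!r} uses a cleartext 'password' directive")
    pattern = r'^\s*menuentry\s+["\']([^"\']+)["\']([^{\n]*)\{'
    for title, opts in re.findall(pattern, text, re.M):
        if not superusers or "--unrestricted" in opts:
            entries[title] = "boots without password"
        elif "--users" in opts:
            entries[title] = "named users and superusers"
        else:
            entries[title] = "superusers only"
    return findings, entries

if __name__ == "__main__":
    for line in audit_grub_cfg(SAMPLE_CFG)[0]:
        print("FINDING:", line)
```

Even when an entry is marked `--unrestricted`, editing it or opening the GRUB command line still requires a superuser password, which is the part of the control that blocks boot-parameter tampering.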

Sections

| ID | Name | Description |
|---|---|---|
| PR011 | Boot Order Manipulation | A subject accesses BIOS or UEFI to manipulate the boot order of a target computer to boot from an external device in order to access the target computer's file system without needing to interact or authenticate with the Operating System of the target computer. |
| ME016 | System Startup Firmware Access | A subject has the ability to access the system startup firmware of a target system. |
| ME016.001 | Target Disk Mode Access | A subject has the ability to put the target system into “Target Disk Mode” (MacOS). |
| IF002.007 | Exfiltration via Target Disk Mode | When a Mac is booted into Target Disk Mode (by powering the computer on whilst holding the ‘T’ key), it acts as an external storage device, accessible from another computer via Thunderbolt, USB, or FireWire connections. A subject with physical access to the computer, and the ability to control boot options, can copy any data present on the target disk, bypassing the need to authenticate to the target computer. |