Month: March 2017
Raptor meets OpenBMC crowdsourcing pledge goal!
Overall Goal: $50,000 USD
Raptor’s Contribution: $30,000 USD
Community Goal: $20,000 USD
Current Pledges: $20,000 USD
Remaining Deficit: $0 USD
Overall Funding Status: 100.0%
Community Funding Status: 100.0%
https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-offer.php
Qualcomm seeks Firmware Security Researcher
I’m going to try and start to post the occasional relevant interesting job postings for security researchers or developers. I will try to use ‘job-posting” for the tag for all of them. If you think it’s a bad idea for this blog, or if you get the job based on this blog, leave a Comment. 😉
[…]Qualcomm Hardware Security team is looking for a Firmware Security Researcher to help drive security efforts in our System-On-Chip (SOC) solutions. In this role, the Firmware Security Researcher will work closely with the Hardware Design Team, Hardware Verification team, and the Software team to help find vulnerabilities in our products. This role entails using best practices to evaluate, asses, and report vulnerabilities in QUALCOMM products. A systematic approach to vulnerability discovery is essential. Knowledge gained will leverage into new security mitigations for our SOC solutions used in a wide range of products, including mobile devices, IOT, automotive, consumer networking gear, wearables, and embedded medical devices. As a firmware security researcher, it is essential that the candidate be able to develop proof-of-concepts to demonstrate the impact of the vulnerabilities that are discovered, to enable proper prioritization and communication of issues to internal teams and external customers. Communication skills are highly valued as the role will entail cross-department coordination with the various groups involved in Cybersecurity initiatives, and possibly presenting findings at security conferences.[…]
https://jobs.qualcomm.com/public/jobDetails.xhtml?requisitionId=1950936
Linux Foundation workstation security ebook
[…]Now, before you even start with your operating system installation, there are a few things you should consider to ensure your pre-boot environment is up to snuff. You will want to make sure:
* UEFI boot mode is used (not legacy BIOS) (ESSENTIAL)
* A password is required to enter UEFI configuration (ESSENTIAL)
* SecureBoot is enabled (ESSENTIAL)
* A UEFI-level password is required to boot the system (NICE-to-HAVE)
https://www.linux.com/news/linux-workstation-security/2017/3/4-security-steps-take-you-install-linux
http://go.linuxfoundation.org/workstation_security_ebook
Sounds interesting, but I don’t see any actual download link for this ebook. I guess I need some sleep.
There is also this: https://firmwaresecurity.com/2015/08/31/linux-foundation-it-security-policies-firmware-guidance/
Exploiting Samsung’s Secure Bootloader (S-Boot) for Android
Exploiting Android S-Boot: Getting Arbitrary Code Exec in the Samsung Bootloader (1/2)
Nitay Artenstein (@nitayart) and Gilad Goldman (@gnull00)
Samsung’s Secure Bootloader (S-Boot) for Android lies at the heart of Samsung’s chain of trust concept. An attacker who compromises S-Boot could potentially load an untrusted kernel and system image, therefore bypassing most of the phone’s security mechanisms. This is a well-known attack vector: It’s often used by the Android rooting and modding community, but our guess is that it’s way more popular with law enforcement and government agencies. All the more interesting, then, that S-Boot on contains several memory corruption bugs, one of which could be used to reach full code execution within the bootloader. We can currently confirm the existence of the vulnerability only on Exynos chipsets. It seems universal to approximately 90% of the Samsung Exynos ROMs running on S5, S6 and S7. The very newest ROMs for S7 (February 2017) appear to include a fix for this bug, but we’ll confirm this in a few days. There’s a lot of ground to cover, so we’ll break up this write-up into two posts. In this post we’ll focus on some S-Boot internals, then explore the bootloader’s attack surface and get basic debugging capabilities. We’ll end the post with the discovery of an especially interesting attack surface. In the next post we’ll disclose the actual vulnerability and how we exploited it to get code execution in S-Boot. We won’t go into much detail on the basics of reversing S-Boot, such as how to load it into IDA or find the base address. Fernand Lone Sang (@_kamino_) is about to publish a great article exactly about that and I’ll put a link for it here when it’s out. If you need any help beyond that, just DM me and I’d be glad to give you a hand if I can.[…]
Firmware Security 