Intel: IoT Security in the Developer’s Mind

Ricardo Echevarria of Intel has a new blog post about IoT security:

Internet-enabled smart devices open up a new universe of possibilities for how consumers interact with the world. But those same smart lightbulbs or TVs may pose a serious threat if their designers fail to strengthen the devices’ security protocols. Last year’s Mirai distributed denial-of-service (DDOS) botnet attack was a wake-up call for the computing world. By targeting vulnerable Internet-connected cameras and other Internet of Things (IoT) devices, the massive botnet was able to redirect enough Internet traffic to a DNS provider to crash multiple high-profile websites. It is no surprise then that IoT developers worry more about security than anything else – including interoperability, connectivity, and hardware integration. The Eclipse IoT Working Group’s 2017 IoT Developer Survey shows that security has remained the number one concern among developers for the third straight year.[…]

https://software.intel.com/en-us/blogs/2017/06/07/iot-security-in-the-developers-mind

CrashOS

CrashOS is a tool dedicated to the research of vulnerabilities in hypervisors by creating unusual system configurations. CrashOS is a minimalist Operating System which aims to lead to hypervisor crashes, hence its name. You can launch existing tests or implement your own and observe hypervisor behaviour towards this unusual kernel.[…]

https://github.com/airbus-seclab/crashos

William Leara on using the UDK

William Leara of Dell has a new blog post, with a tutorial on writing a UEFI hello-world app using the UDK.

“Hello World” Quick-Start with UDK2015

The objective of this post is to explain how to get started with UEFI development by getting the UDK2015 development environment up and running, creating a Hello, World example program, and running it in the UEFI shell. Once you can get a simple application built and running in a UEFI Shell, you can begin extending it to greater and greater sophistication![…]

http://www.basicinputoutput.com/2017/06/hello-world-quick-start-with-udk2015.html

Breaking Samsung Galaxy Secure Boot through Download mode

“A bootloader bug in Samsung Galaxy smartphones allows an attacker with physical access to execute arbitrary code. Protections like OS lock screen and reactivation lock can be defeated. Several attacks are possible, including memory dump. Fortunately countermeasures exist for unpatched devices.”

SSTIC2017-Article-attacking_samsung_secure_boot-basse.pdf

https://www.sstic.org/2017/news/

Microsoft on malware use of Intel AMT

If you thought the recent Intel AMT security issues were just theoretical, here’s an example of malware using AMT.

https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?platform=hootsuite

GBStrings: search strings in Chinese firmware

Quick GB2312 strings tool in Go for Chinese firmware. This is a quick little tool that I tossed together one night for finding GB2312 Chinese strings from the memory of an imported ham radio. You might find it handy when translating old video games, as well. (GB2312 is not Unicode, and far better tools exist for locating Chinese Unicode strings.) I cannot speak Chinese, so it’s quite likely that you can improve upon this tool. Pull requests are welcome.

https://github.com/travisgoodspeed/gbstrings

see-also: UBU-helpers tool

Tool review: UBU-helpers

Intel Excite project

https://twitter.com/DevZoneBlog/status/872118468262473729

There is a new document out from Intel that describes their Excite project. No URL to source code, AFAICT.

Finding BIOS Vulnerabilities with Symbolic Execution and Virtual Platforms
By Engblom, Jakob (Intel), Added June 6, 2017
Finding BIOS Vulnerabilities With Excite
Finding vulnerabilities in code is part of the constant security game between attackers and defenders. An attacker only needs to find one opening to be successful, while a defender needs to search for and plug all or at least most of the holes in a system. Thus, a defender needs more effective tools than the attacker to come out ahead.[…]

https://software.intel.com/en-us/blogs/2017/06/06/finding-bios-vulnerabilities-with-excite

ARM joins UEFI Forum Board

The UEFI Forum issued a press release today, about ARM joining the board.

UEFI Forum Appoints ARM to Board of Directors Fortifying Its Commitment to Firmware Innovation

ARM Strengthens Its Long-Standing Presence and Contributions to the UEFI Ecosystem
June 06, 2017 11:00 AM Eastern Daylight Time

BEAVERTON, Ore.–(BUSINESS WIRE)–The UEFI Forum, a non-profit industry standards body that champions firmware advancement through industry collaboration and advocacy of firmware technology standards, announced today that ARM has been appointed to the UEFI Forum Board of Directors.[…]

http://www.businesswire.com/news/home/20170606005502/en/UEFI-Forum-Appoints-ARM-Board-Directors-Fortifying

http://www.uefi.org/node/3715

AMI Tech Blog gets active

For the last few days, the AMI blog — and Twitter account — has been getting regular updates.

Peplink Vulnerabilities

https://twitter.com/marver/status/871679588518293505

During a recent penetration test for a customer, Claus and I noticed a Peplink router web interface exposed to the Internet. While I noticed an XSS (CVE-2017-8839), Claus spotted strange behavior with an overly long bauth cookie. This piqued our interest of course. The next logical step was to fingerprint the device, to get to know more about the specific model and firmware version.[…]

USB Armory: High Assurance Boot (HABv4) bypass

Security advisory: High Assurance Boot (HABv4) bypass

The NXP i.MX53 System-on-Chip, main processor used in the USB armory Mk I board [1] design, suffers from vulnerabilities that allow bypass of the optional High Assurance Boot function (HABv4). The HABv4 [2] enables on-chip internal boot ROM authentication of the initial bootloader with a digital signature, establishing the first trust anchor for further code authentication. This functionality is commonly known as Secure Boot [3] and it can be activated by users who require authentication of the bootloader (e.g. U-Boot) to further maintain, and verify, trust of executed code. Quarkslab reported [4] to NXP, and subsequently to Inverse Path, two different techniques for bypassing HABv4 by means of exploiting validation errors in the SoC internal boot ROM [5], which are exposed before bootloader authentication takes place. While the two vulnerabilities have been initially reported for the i.MX6 SoC, Inverse Path evaluated that both issues also apply to the i.MX53 SoC, used on the USB armory Mk I.
[…]
Technical details under embargo until July 18th, by mutual agreement between reporter and NXP.
[…]

https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_QBVR2017-0001.txt

UEFI updates specs

The UEFI Forum has updated their specs.

UEFI Spec v2.7

UEFI_Spec_2_7.pdf

PI v1.6

PI_Spec_1_6.pdf

ACPI v6.2

ACPI_6_2.pdf

SCT v2.5A
http://www.uefi.org/testtools

http://uefi.org/specsandtesttools
http://uefi.org/specifications

PaX legal warning

Guys, this is your *last warning*. This stops *now* or I’m sending lawyers after you and the companies paying you to plagiarize our work and violate our *registered* copyright (which for the record entitles us to punitive damages which now are very easily provable). It’s time to get serious about attribution — what you are doing is completely unacceptable. I’m already in contact with lawyers to prepare for the next time this happens. If any of this plagiarized and misattributed code actually made it into the Linux kernel, you’d all be in a world of pain.

http://openwall.com/lists/kernel-hardening/2017/06/03/14

http://www.openwall.com/lists/kernel-hardening/2017/06/03/11