Uncategorized

Eclypsium at OPCDE: UEFI BIOS firmware analysis at scale

UEFI BIOS firmware analysis at scale
By Oleksandr Bazhaniuk Chief Technology Officer, Eclypsium

Vulnerabilities in system firmware allow adversaries to bypass almost any protection used in the operating system, virtual machine manager and other software. System firmware attacks bypass Secure Boot, software based full-disk encryption and virtualization-based security. Threats exploiting such vulnerabilities can extract secrets from operating system memory, subvert secure/trusted VMs and even hypervisors, install stealthy and persistent implants and even brick physical systems. We’ve discovered a number of such vulnerabilities in the past and developed an open source framework to automate analysis. Despite these risks there are still many modern systems which do not protect their main BIOS/UEFI firmware. We decided to analyze thousands of UEFI firmware updates from multiple platform vendors and discovered hundreds of vulnerabilities, indicating that corresponding systems lack any basic firmware protections in ROM or signed firmware updates. We’ll present the process, findings and limitations of such offline analysis of vendor firmware update images.

http://www.opcde.com/agenda/

Standard

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s