https://github.com/ValdikSS/windows2usb
Month: June 2018
eWeek: Processor Flaws Force Chip Producers to Make Security Top Priority
[…]Here are five of the most serious that were reported in the past year.
1. Spectre, Meltdown variants post triple threat
2. Researchers find flaws related to Speculative Store Bypass
3. Intel acknowledges flaws in ME, AMT subsystems
4. When 140 years is not long enough: the ROCA flaw
5. Insensitive disclosure of sensitive issues: AMD PSP flaws
http://www.eweek.com/security/processor-flaws-force-chip-producers-to-make-security-top-priority
Intel releases SMM-free processor! :-)
Time to stock up new FreeDOS-capable hardware, while you have a chance. 😉
Actually, I’m not sure, maybe this limited edition processor *DOES* have SMM, that’d be interesting in other ways.
https://www.intel.com/content/www/us/en/products/processors/core/i7-processors/i7-8086k.html
https://game.intel.com/8086sweepstakes/
Two random tweets
Virtualization-based security (VBS) memory enclaves: Data protection through isolation
I’m glad that Virtualization-Based Security has replaced VisualBasic Script as the new acronym for VBS. 🙂
The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution capability, resulting in widescale global outbreaks. Windows 10 remained resilient to these attacks, with Microsoft constantly raising the bar in platform security to stay ahead of threat actors. Virtualization-based security (VBS) hardens Windows 10 against attacks by using the Windows hypervisor to create an environment that isolates a secure region of memory known as secure memory enclaves.[…]
Duo Labs: organizations can be “software secure but firmware vulnerable”
Duo Labs, who has EFIgy, an EFI firmware update status tool for Mac, is interviewed by InfoSecurity Magazine on the topic of EFI security:
[…]Although efforts to compromise EFI are most often carried out as part of highly targeted attacks, they remain a major threat to organizations, he warned. […] Smith revealed newly updated research from Duo Security which details shortcomings in Apple’s EFI update processes. Drawing on data collected from 73,000 customer machines, the findings show that 4.2% were running the wrong EFI version – much higher than the 1% or so expected. That rose to nearly 43% for the oldest Mac model on the market, dating back to 2015. The results also showed that organizations could be “software secure but firmware vulnerable.” […] He called on tech firms to introduce “the same degree” of transparency into the firmware update process as they do with software updates. Duo Security chose to study Apple because the firm’s singular ecosystem made it easier to analyze, but Smith warned that failings in the Wintel space are arguably even more acute.[…]
https://www.infosecurity-magazine.com/news/infosec18-experts-in-efi-update/
Rufus: 2 unspecified vulnerabilities hinted-at
Stefan Kanthak has submitted a bug against Pete Batard’s Rufus, a Win32 GDI tool that helps create USB thumbdrives. Rufus is — these days — somewhat of a rarity, an open source tool that is a native Win32 GDI GUI C application. These days, most open source GUI tools are Qt or GTK. Even Microsoft has basically given up on Win32. Old School Windows tool. 🙂
I wish Stefan was less of an <EXPLETIVE> in how he reported it.
Pete has been writing EFI-centric Free Software for a long time, not many people can write UEFI file system drivers and Win32 GDI GUI applications. Thanks for creating all these tools for people, Pete!
https://rufus.ie/
https://pete.akeo.ie/
https://skanthak.homepage.t-online.de/home.html
https://github.com/pbatard/rufus
http://www.openwall.com/lists/oss-security/2018/05/31/1
Mr. IoT’s IoT Security 101
CopperheadOS company problems
PT Security: new Intel ME research
Eclypsium on BloombergTV
Re: https://firmwaresecurity.com/2018/05/17/eclypsium-in-bloomberg/
Eclypsium was on BloombergTV today! Hmm, I can’t find the URL of the video, if you can, please add it as a Comment to this blog.
Intel: Q2 2018 Speculative Execution Side Channel Update
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
INTEL-SA-00115
| Original release: | 05/21/2018 |
| Last revised: | 05/21/2018 |
list of IoT/embedded OS firmware tools
I mostly focus on Platform Firmware, UEFI, ACPI, etc. I usually don’t focus too much on IoT/embedded OS firmware, even though I blog about them. But there’s a lot of tools for the latter, and I’ve not yet added a section for them in Awesome Firmware Security[1]. And I have 2 friends who need such a list. Below is first pass at searching old blog posts for tools. Will refine and add to Awesome Firmware Security later. Please leave a Comment to point out any other major tools of this category that I’ve missed.
https://firmwaresecurity.com/2016/08/25/firminator/ Hmm, it looks like the domain firminator.io is no longer valid.
Tactical Network Solutions unveils firmware evaluation services
ReFirm labs gets 1.5mil in funding, launches Centrifuge Platform
[1] https://github.com/PreOS-Security/awesome-firmware-security/blob/master/README.md
Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications
Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications
Schulz, Matthias
Ph.D. Thesis
Smartphones come with a variety of sensors and communication interfaces, which make them perfect candidates for mobile communication testbeds. Nevertheless, proprietary firmwares hinder us from accessing the full capabilities of the underlying hardware platform which impedes innovation. Focusing on FullMAC Wi-Fi chips, we present Nexmon, a C-based firmware modification framework. It gives access to raw Wi-Fi frames and advanced capabilities that we found by reverse engineering chips and their firmware. As firmware modifications pose security risks, we discuss how to secure firmware handling without impeding experimentation on Wi-Fi chips. To present and evaluate our findings in the field, we developed the following applications. We start by presenting a ping-offloading application that handles ping requests in the firmware instead of the operating system. It significantly reduces energy consumption and processing delays. Then, we present a software-defined wireless networking application that enhances scalable video streaming by setting flow-based requirements on physical-layer parameters. As security application, we present a reactive Wi-Fi jammer that analyses incoming frames during reception and transmits arbitrary jamming waveforms by operating Wi-Fi chips as software-defined radios (SDRs). We further introduce an acknowledging jammer to ensure the flow of non-targeted frames and an adaptive power-control jammer to adjust transmission powers based on measured jamming successes. Additionally, we discovered how to extract channel state information (CSI) on a per-frame basis. Using both SDR and CSI-extraction capabilities, we present a physical-layer covert channel. It hides covert symbols in phase changes of selected OFDM subcarriers. Those manipulations can be extracted from CSI measurements at a receiver. To ease the analysis of firmware binaries, we created a debugging application that supports single stepping and runs as firmware patch on the Wi-Fi chip. We published the source code of our framework and our applications to ensure reproducibility of our results and to enable other researchers to extend our work. Our framework and the applications emphasize the need for freely modifiable firmware and detailed hardware documentation to create novel and exciting applications on commercial off-the-shelf devices.
http://tuprints.ulb.tu-darmstadt.de/7243/
Announcing coreboot 4.8 & 4.8.1
See blog post for full list of changes.
Security
- Start of refactoring the TPM software stack
- Introduced coreboot security section in kconfig
- VBoot & TPM code moved into src/security
BlackHat cancels Intel/Eclypsium CHIPEC training
I notice that the Intel/Eclypsium training at Black Hat USA 2018 is no longer listed. Sounds like not enough people signed up?!
AFAIK, the next opportunity to get Eclypsium CHIPSEC training is at REcon (and REcon appears to have cheaper training rates than Blackhat):
https://recon.cx/2018/montreal/training/trainingfirmware.html
There’s also the training materials from older training from Intel ATR/CHIPSEC team, available here:
Apple macOS 10.13.5 EFI update, CVE-2018-4251
CrowdSupply: SPIDriver: A better SPI adapter
https://twitter.com/HacksterPro/status/1002007748807184389
https://www.crowdsupply.com/excamera/spidriver
SPIDriver is an easy-to-use tool for controlling SPI devices. It works with Windows, Mac and Linux, and has a built in color screen that shows a live logic-analyzer display of all SPI traffic. It uses a standard FTDI USB serial chip to talk to the PC, so no special drivers need to be installed. The board includes 3.3 and 5V supplies with voltage and current monitoring.
Asian Hardware Oriented Security and Trust Symposium (AsianHOST)
Hardware has long been viewed as a trusted party supporting the whole computer system and is often treated as an abstract layer running instructions passed through the software layer. Historically, cybersecurity community believed that the integrated circuit (IC) supply chain is well protected. However, the IC supply chain, which is now spread around the globe, has become more vulnerable to attacks than before. The heavy reliance on third-party resources/services breeds security concerns and invalidates the illusion that attackers cannot easily access the isolated IC supply chain. Formal methods have been proven to be effective in security verification on hardware code. Trustworthy hardware is also under development for the construction of the root-of-trust. The intrinsic properties of existing and emerging devices, MOSFET, memristor, spintronics, etc. are leveraged for security primitives and applications. Another trend in the hardware security area is the development of security enhanced hardware infrastructure for system level protection. The goal is to provide a fully operational software and hardware platform that ensures secure design, manufacturing, and deployment of modern computer systems.
Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate the rapid growth of hardware security research and development in Asia and South Pacific areas. AsianHOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. AsianHOST 2017 invites original contributions related to, but not limited by, the following topics.
http://asianhost.org/2018/authors.htm#cfp
Firmware Security 
You must be logged in to post a comment.