Hastily-written news/info on the firmware security/development communities, sorry for the typos.
CVE-2018-9567
The most severe vulnerability in this section could enable a local attacker to bypass user interaction requirements in order to gain access to additional permissions.
https://source.android.com/security/bulletin/2018-12-01
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9567
Advisory Category: Software
Impact of vulnerability: Information Disclosure
Severity rating: MEDIUM
Original release: 12/05/2018
A potential security vulnerability in Intel® IPP may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Data leakage in cryptographic libraries for Intel(R) IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. Intel recommends that users of Intel® IPP update to 2019 update1 or later. Updates are available for download […] Intel would like to thank an Wichelmann (Universität zu Lübeck), Ahmad Moghimi (Worcester Polytechnic Institute), Thomas Eisenbarth (Universität zu Lübeck) and Berk Sunar (Worcester Polytechnic Institute) for reporting this issue and working with us on coordinated disclosure.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12155
A new macOS EFI password tool has appeared on Github today
…but I’ve no time today to look at how it works. 😦
CLOSED-SOURCE WARNING: The project includes a few pre-compiled .EFI binaries but no source, so be careful.
https://github.com/smileycreations15/EFI-Firmware-Password-Simulator
See-also:
https://firmwaresecurity.com/2018/05/02/apple-set-your-firmware-password/
https://firmwaresecurity.com/2016/01/02/efi_bruteforce-efi-pin-of-apple-macbooks/
MNT Reform DIY Laptop
A free and open source modular computing platform
Goals: Security, Transparency, Hackability — All power to the user!
Thoroughly understand it on the electrical, mechanical and software levels
Take it apart, modify and upgrade it without regret
Repair it yourself with simple 3D printed parts and the hardware store
Reclaim your privacy and security: No microphone, camera or management engine
https://www.crowdsupply.com/mnt/reform/updates/prototype-unboxing-videos
https://blog.hackster.io/mnt-reform-a-modular-open-source-diy-arm-based-laptop-3fdcb901e830
Learn how to use formal Assertion Based Verification (ABV) and open-source tools to formally verify HDL designs, and how to use the properties and formal test benches in the riscv-formal framework to formally verify RISC-V cores with ease. This tutorial is aimed specifically at HDL design engineers without in-depth knowledge of formal methods who want to add formal ABV to their verification toolbox.
Why the addition of multiple processing elements and memories is causing so much consternation. An explosion of various types of processors and localized memories on a chip or in a package is making it much more difficult to verify and test these devices, and to sign off with confidence.[…]
http://semiengineering.com/making-sure-a-heterogeneous-design-will-work/#.XAVaWjMxwgk.twitter
[…]We plan to release our tool, SPECULATOR , which we used
to investigate speculative execution behavior, as open source.[…]
Speculative execution attacks exploit vulnerabilities at a CPU’s microarchitectural level, which, until recently, remained hidden below the instruction set architecture, largely undocumented by CPU vendors. New speculative execution attacks are released on a monthly basis, showing how aspects of the so-far unexplored microarchitectural attack surface can be exploited. In this paper, we generalize speculative execution related attacks and identify common components. The structured approach that we employed helps us to identify potential new variants of speculative execution attacks. We explore one such variant, SPLITSPECTRE, in depth and demonstrate its applicability to a real-world scenario with the SpiderMonkey JavaScript engine. Further, we introduce SPECULATOR, a novel tool to investigate speculative execution behavior critical to these new microarchitectural attacks. We also present our findings on multiple CPU platforms.
This is new kind of role for the new cyberwar era. I wish Consumer Reports was doing likewise for consumer devices.
Weapon System Analysis – Hardware and Embedded Firmware
Job responsibilities/focus areas include:
Embedded hardware and firmware characterization and vulnerability analysis of foreign weapon systems including missiles and radars.
MCUboot Security Part 1
By Zephyr Project
November 28, 2018
Zephyr Project member David Brown, a Senior Engineer with Linaro Ltd., shares the best practices for security in this blog post, which first ran on Brownian Motion.
This is the first in what I hope to be a series of posts about the MCUboot bootloader from a security perspective. Please note that although I work in security, I am by no means a cryptographer. I appreciate any feedback on any and all flaws in my analysis. The MCUboot Project is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables easy software upgrade. The essential problem that MCUboot seeks to solve is how to allow firmware updates, while still maintaining some kind of integrity and control over what firmware can be run on the device. The easiest way to prevent unauthorized firmware from running on a device is to configure the flash to be immutable. Unfortunately, this prevents potential security updates (as well as functionality improvements). MCUboot solves this by itself being a small amount of code that can be placed in an immutable section of flash. It then can verify the main code before allowing it to execute, as well as control updates to that code. MCUboot is configurable, and these configuration choices affect the security promises that MCUboot is able to make.[…]
https://www.zephyrproject.org/mcuboot-security-part-1/
https://www.davidb.org/post/mcuboot-security-1/
Re: https://firmwaresecurity.com/2016/03/01/vim-port-for-uefi/
There is a SECOND port of Vim to UEFI!
This one uses this library:
https://firmwaresecurity.com/2018/01/08/torito-c-library/
https://github.com/JoaquinConoBolillo/Visual-VIM-for-UEFI-Shell
Intel has a new post about using SGX to help with blockchain security.
https://itpeernetwork.intel.com/blockchain-intel-sgx/
https://www.intel.com/content/www/us/en/security/blockchain-overview.html
Wow, blockchain-based thinking is one thing I don’t want to see to have any part of my firmware. I wish I could wake up and blockchain would just end up being a bad dream about some snake oil.
Two threads on ASUS issues that might be malicious, but will probably end up to be other kinds of defects. Sorry, no better summary of the issues:
https://tcsltesting.blogspot.com/2018/11/asus-uefi-rootkit.html
The above tweet hints at UEFI support in Kaspersky TDSS Killer 3.1.0.20, but I’ve not found any more specific information.
https://usa.kaspersky.com/downloads/tdsskiller
PS: Kaspersky has a UEFI AntiVirus product, for OEMs:
Kaspersky Anti-Virus for UEFI (KUEFI) is the EFI BIOS level endpoint security solution providing effective protection from rootkits and bootkits and ensuring safe OS loading. The product’s key feature is that it starts running in the EFI environment even before the OS bootup process begins, thus preventing any resident malware from loading. By working on EFI level, KUEFI ensures reliable protection from rootkits, bootkits and other malware specifically designed to circumvent desktop anti-malware technologies. KUEFI is provided as a small EFI module which nevertheless contains the award-winning Kaspersky Anti-Virus engine. The KUEFI architecture enables its integration into any motherboard firmware supporting the EFI standard, regardless of the vendor.
[…]The negative rings:
The year of Meltdown/Spectre/AMDFlaws and all the associated vulnerabilities (and those to come) made us rethink where the most dangerous malware actually lives. And even though we have seen almost nothing in the wild abusing vulnerabilities below Ring 0, the mere possibility is truly scary as it would be invisible to almost all the security mechanisms we have. For instance, in the case of SMM there has at least been a publicly available PoC since 2015. SMM is a CPU feature that would effectively provide remote full access to a computer without even allowing Ring 0 processes to have access to its memory space. That makes us wonder whether the fact that we haven’t found any malware abusing this so far is simply because it is so difficult to detect. Abusing this feature seems to be too good an opportunity to ignore, so we are sure that several groups have been trying to exploit such mechanisms for years, maybe successfully. We see a similar situation with virtualization/hypervisor malware, or with UEFI malware. We have seen PoCs for both, and HackingTeam even revealed a UEFI persistence module that’s been available since at least 2014, but again no real ITW examples as yet. Will we ever find these kinds of unicorns? Or haven’t they been exploited yet? The latter possibility seems unlikely.[…]
https://securelist.com/kaspersky-security-bulletin-threat-predictions-for-2019/88878/
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
In-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Discover the Desktop
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
News from coreboot world
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Just another WordPress.com site
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
