Twitter’s firmware researcher community list

I’m new to Twitter, still don’t have an account. A while ago I started looking into the right Twitter feeds to read:

but I’ve not updated that list in a while. Luckily for me, Jacob Torrey, one of the firmware researchers on above list the helped me out by creating (and maintaining) an EXCELLENT list of Twitter feeds for firmware research:

I’ve got a lot more OEM/IHV/etc Twitter feeds since 0.3, will be working on a 0.4 release, but I can’t match Jacob’s list. Check it out!

Firmware Security document collection project on Github

I just noticed a new github project:

It is a collection of PDFs about firmware security, mostly security conference presentations, gathered up into a single project.

It is unrelated to this blog, I don’t know the person who created the project.

Funny, I recognize about 1/3 of the collected files by their filenames. 🙂

Be sure to virus-check PDFs before you read them, who knows if malware has been added to to these.

Tracking Intel BIOS and UEFI updates

Here’re two resources that you should be tracking, if you care about firmware security. In addition to OEM-specific sites, these are very useful to track updates in UEFI- and Intel-based systems:

1) TianoCore Security site, advisories, and list:

The Tianocore Security site has UEFI security vulnerability information impacting most UEFI-based vendors, including non-Intel vendors like ARM. The data is released as PDFs, and announced on their list. Tianocore doesn’t use NIST SCAP CVEs, look for these PDFs instead.

2) Intel Security Center site, and list:

The Intel Security Center site has BIOS/UEFI security vulnerability information impacting Intel-based systems. The data is released as web pages, and announced on their list.

Someone from your IT department should probably be subscribed to these mailing lists, and watch these lists and content for updates that may impact their systems.

LegaCore releases new research

Yesterday LegbaCore updated their website to include some more research:

“Added the How Many Million BIOSes Would you Like to Infect whitepaper to our Research page. This document contains more discussion than was provided in the conference talks of what could be done by live OSes like Tails or LPS to be more secure against firmware threats.”

More information:

Joe Grand: Tools of the Hardware Hacking Trade

Joe Grand of Grand Idea Studio gave a presentation on “Tools of the Hardware Hacking Trade” a few weeks ago at RSA Conference:

“Embedded systems are pervasive in our society and many contain design flaws that can lead to exploitable vulnerabilities. In this session, Joe Grand examines common hardware tools used during the hacking and reverse engineering of electronic products, including those that monitor/decode digital communications, extract firmware, inject/spoof data, and identify/connect to debug interfaces.”

Joe Grand, a former member of the hacker collective L0pht Heavy Industries, is the founder of Grand Idea Studio, Inc, a company that specializes in the invention and licensing of consumer devices and modules for electronics hobbyists. The presentation is a nice look at current tools available for firmware/hardware hacking, from the security researcher perspective, for those of you who haven’t already created your ‘hardware hacking lab’. 🙂

I don’t know of any better resource lists of this kind, with a security focus. For books, there’s a chapter in Wiley’s “Android Hacker’s Handbook” that is similar. Alas, I didn’t find any audio/video archives, only the presentation. Most other hardware tools documentation I’ve found is mostly Maker-focused, not security focused.

More Information:

VZ on network usage of UEFI 2.5

Vincent Zimmer of Intel recently gave a presentation on use of UEFI 2.5 and Cloud-related issues. The talk was given at the Open Compute Project, and recently reprised at the Spring UEFI Forum event. The focus is UEFI-centric use of network booting, and firmware updates. This is a useful presentation to help understand one way UEFI uses it’s network stack.

More information:

LegbaCore releases new firmware research at RSA Conference

LegbaCore gave a firmware security talk at last month’s RSA Security Conference. The presentation materials and some video, are online.

LegbaCore, along with Invisible Things Lab are IMO the top two firmware security firmws, so when they release substantial new research like this, everyone should pay attention.

(If you attended my LinuxFestNorthWest talk last month on firmware security tools, the advise the LegbaCore covers in this presentation is much more detailed than what I covered.)

This is probably the best advise available to date for enterprises to protect themselves from bootkits. More up-to-date than the NIST SP guidelines or any other best practices that I know of. Everyone involved with protecting enterprise systems needs to study this carefully.

Title: Are You Giving Firmware Attackers a Free Pass?
Synopsis: Yes. Yes you are. Because you’re not patching away the vulnerabilities we and others have found and disclosed, and you’re not inspecting whether anyone has infected your firmware. This talk provides an introduction to firmware threats & capabilities. But because it is longer than previous talks like “Betting BIOS Bugs Won’t Bite Y’er Butt?”, a special emphasis is placed on including actions organizations can take immediately to mitigating firmware vulnerabilities and infections, above and beyond patching.

More Information:

Firmware security checks and IoT network security

In Mobile Enterprise, Laurie Lamberth and Steve Brumer have a story on IoT network security. Previous articles on topic have mentioned issues with out-of-date device firmware.


3. Periodic endpoint integrity checks: With thousands of devices of all different types being connected to the enterprise networks, over different networks with different access control protocols, after the fact as well as real-time access monitoring is a good idea. Periodically checking each device’s security software and policies, firmware, software, and other resources such as anti-virus protection, can root out vulnerabilities before they become problems.

Read the full story:

Do you know how to check the firmware on your system?