Uncategorized

Nikolaj joins Apple!!

WOW!!, Nikolaj joins Apple!! First they hired Legbacore, now Nikolaj!

As well, UEFITool has new maintainers, Alex and Dmytro!!

Standard
Uncategorized

status of MITRE Copernicus

AFAIK, Copernicus was the first firmware vulnerability analysis tool. MITRE’s research in this area is required reading for anyone learning x86 firmware security. But then, half of the 4-person team left MITRE to create LegbaCore, and have since both joined Apple. These days, AFAIK, Copernicus is not actively maintained.  I was not sure of status of MITRE Copernicus (or Copernicus2), so I asked MITRE, and K. Wright, their Public Affairs Lead gave me the current status of Copernicus:

“MITRE continues to research security risks associated with UEFI and firmware. However, development and feature enhancements on the proof-of-concept known as Copernicus is no longer active. Many of the emerging commercial offerings coming to the market show promise similar to what had been demonstrated in Copernicus as an off-the-shelf option.”

More information:

http://www.mitre.org/research/technology-transfer/technology-licensing/copernicus

 

Without fresh builds of Copernicus, Intel CHIPSEC is probably the main (only?) firmware vulnerability analysis tool actively maintained. It would be nice if there were a few other tools, ESPECIALY for non-Intel systems: ARM, AMD, MIPS, OpenPOWER, etc. I wish MITRE would open source their PoC so the open source community could help maintain/extend it (eg., port it to Linux).

Standard
Uncategorized

Apple acquires Legbacore — in the news again!

Back in November, Apple hired Legbacore’s hardware/firmware experts to help secure Apple hardware.

https://firmwaresecurity.com/2015/11/10/apple-acquires-legbacore/

Ok, that was months ago. But for the last week, the above URL re-appeared on this blog’s stats as the most visited URL. Then, a few days later, there’s now a slew of stories on this, like it just happened today. Today, this is the top store on Google News for UEFI. Strange, how tech news works.

http://appleinsider.com/articles/16/02/02/apple-hires-firmware-security-experts-who-worked-on-thunderstrike-2-exploit
http://www.macrumors.com/2016/02/02/apple-acquired-legbacore/

Apple acquired the security company that found bugs in Mac firmware

http://timesofindia.indiatimes.com/tech/tech-news/Apple-acquired-the-company-that-exposed-flaws-in-its-firmware/articleshow/50837174.cms
http://www.businessinsider.com/apple-hired-the-hackers-who-created-the-first-mac-firmware-virus-2016-2
http://www.engadget.com/2016/02/03/apple-legbacore-thunderstrike-acquisition/
http://www.patentlyapple.com/patently-apple/2016/02/apple-acquired-legbacore-to-advance-security-for-macs.html
http://gadgets.ndtv.com/laptops/news/apple-buys-security-firm-legbacore-that-exposed-vulnerabilities-in-os-x-797979
http://www.bidnessetc.com/62638-apple-inc-acquires-mac-virus-detector-legbacore/

I am eagerly awaiting to see the results of their work, I hope future macs have a “Legbacore”-ready logo on it, or something so I know it’s better than the older hardware. 🙂

Standard
Uncategorized

Apple acquires LegbaCore!!

WOW, LegbaCore closes down, Xeno and Corey join Apple!!!!

https://twitter.com/XenoKovah/

I expect Apple will shortly have MUCH MORE secure firmware/hardware systems, with their help! Other OEMs should be a little scared today.

 

Standard
Uncategorized

Whitepaper from Legbacore on Thunderstrike

At GSEC HITB Singapore 2015, Legbacore gave pre-conference training. As well, they gave a presentation on Thunderstrike. Beyond the presentation slides, the whitepaper is now available!

http://gsec.hitb.org/materials/sg2015/

http://gsec.hitb.org/materials/sg2015/D2%20-%20Xeno%20Kovah%20-%20Thunderstrike%202%20-%20Sith%20Strike.pdf
http://gsec.hitb.org/materials/sg2015/whitepapers/Xeno%20Kovah%20-%20Thunderstrike%202%20-%20Sith%20Strike.pdf

Standard
Uncategorized

LegbaCore adds BIOS/SMM training to OpenSecurityTraining.Info!

They’ve added a 2-day training course on BIOS/SMM, “Advanced x86: Introduction to BIOS & SMM”! The BIOS researchers at MITRE — and half of them now at LebaCore — are one of the main pioneers of BIOS research, and this is one of ther main training sessions. Wow!

“Around 2011, the trustworthy system measurement research project that Xeno Kovah was running at MITRE decided to start digging deeper than the Windows kernel and rootkit detection, to try and detect malicious software at the BIOS level. Xeno & Corey Kallenberg continued to work on Kernel, while team member John Butterworth was tasked with starting to learn about BIOS in parallel. John’s work led to the “BIOS Chronomancy” work (published at both BlackHat and ACM CCS), porting the team’s existing Timing-Based Attestation system from the kernel level down to the BIOS. Xeno then asked John to start making an open source training class to capture his knowledge, the same way that Xeno & Corey had captured their past knowledge on the project and uploaded it to OST. John created a 2 day Intro BIOS class and got it public released from MITRE. The intention originally was that it would cover all basics of BIOS which would be applicable to both legacy BIOS, CoreBoot, or UEFI-based systems. And then it was expected there would be a follow on class digging deeper into the specifics of UEFI. Unfortunately time prohibited the creation of that 2nd 2 days of classes focusing on UEFI, so you can see that some minimal UEFI content was eventually shoehorned into this class, though frequently there isn’t enough time to get to it within 2 days. It is our hope that this Introductory BIOS & SMM class will help demystify how x86 systems work at the low levels, so that people can better understand the BIOS/SMM/SecureBoot vulnerabilities described in the team’s work while at MITRE, and later after Xeno & Corey founded LegbaCore. With this knowledge in hand, hopefully students can fully appreciate and explain to others why it is so critical that BIOS patch management be performed by organizations, to eliminate the vulnerabilities that lurk at this level.

http://opensecuritytraining.info/IntroBIOS.html

Standard