HPE iLOv5 Firmware Updates, Local Bypass of Security Restrictions

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03894en_us

[…]Release Date: 2018-10-30[…]
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.[…]

https://2018.zeronights.ru/

ZeroNights 2018: NUClear explotion

Alexander Ermolov and Ruslan Zakirov will deliver their «NUClear explotion» talk. A major and most significant approach to UEFI BIOS security is preventing it from being illegitimately modified and the SPI flash memory from being overwritten. Modern vendors use a wide range of security mechanisms to ensure that (SMM BLE / SMM BWP / PRx / Intel BIOS Guard) and hardware-supported verification technologies (Intel Boot Guard). In other words, they do everything just not to let an attacker place a rootkit into a system. Even the likelihood of execution in the most privileged mode of a processor – System Management Mode (can be achieved through vulnerable software SMI handlers) – is of no interest to adversaries since it does not guarantee they will be able to gain a foothold in a system. A single reboot and an attack must be started anew. However, there is a thing that can make all BIOS security mechanisms inefficient. And this thing is a vulnerable update mechanism implemented by a vendor. Moreover, quite often a legitimate updater adds lots and lots of critical security holes to a system. In this talk, we will speak about how vendors manage to throw all those security flaws together in one system using Intel NUC, a small home PC, as an example. Besides, we will demonstrate how an adversary can compromise BIOS from the userland.

https://2018.zeronights.ru/en/news/the-selection-of-zeronights-2018-talks-is-finished/

Nikolaj’s ZeroNights UEFI video online

The video of Nikolaj Schlej from ZeroNights is now online!

Sources and slides are here:
https://firmwaresecurity.com/2015/12/14/nikolaj-uploads-zero-nights-sources/
https://firmwaresecurity.com/2015/11/27/nikolajs-zeronights-presentation-available/

Nikolaj’s ZeroNights presentation available

Congratulations to Nikolaj on his first presentation! His presentation is now available!

The section on Protections is especially worth reading!

https://github.com/NikolajSchlej/ZeroNights2015
https://github.com/NikolajSchlej/ZeroNights2015/raw/master/FixItYourself_Schlej.pdf

ZeroNights

ZeroNights is coming up this December in Moscow. There are multiple firmware security-related presentations at this event.

Not only will Nikolaj Schlej be speaking on UEFI (perhaps his first conference presentation?), but there are at least two other firmware-related presentations:

They also have a Hardware Hacking Village. Looks like a fun conference.

http://2015.zeronights.org/agenda.html
http://2015.zeronights.org/workshops.html

Nikolaj Schlej to speak on UEFI at ZeroNights

Nikolaj Schlej, firmware security researcher and creator of UEFITool, will be speaking at ZeroNights 2015 on November 25-26 in Moscow, Russia, his first security conference presentation! His presentation is called “UEFI: Fix it yourself”, and he’s one of a handful of people that can accomplish that. 🙂

http://2015.zeronights.org/