[…]Release Date: 2018-10-30[…]
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.[…]
Alexander Ermolov and Ruslan Zakirov will deliver their «NUClear explotion» talk. A major and most significant approach to UEFI BIOS security is preventing it from being illegitimately modified and the SPI flash memory from being overwritten. Modern vendors use a wide range of security mechanisms to ensure that (SMM BLE / SMM BWP / PRx / Intel BIOS Guard) and hardware-supported verification technologies (Intel Boot Guard). In other words, they do everything just not to let an attacker to place a rootkit into a system. Even the likelihood of execution in the most privileged mode of a processor – System Management Mode (can be achieved through vulnerable software SMI handlers) – is of no interest to adversaries since it does not guarantee they will be able to gain a foothold in a system. A single reboot and an attack must be started anew. However, there is a thing that can make all BIOS security mechanisms inefficient. And this thing is a vulnerable update mechanism implemented by a vendor. Moreover, quite often a legitimate updater adds lots and lots of critical security holes to a system. In this talk, we will speak about how vendors manage to throw all those security flaws together in one system using Intel NUC, a small home PC, as an example. Besides, we will demonstrate how an adversary can compromise BIOS from the userland.
The video of Nikolaj Schlej from ZeroNights is now online!
Alex Matrosov’s presentations — one of which is on attacking hypervisors — from Zero Nights are now online!
ZeroNights is coming up this December in Moscow. There are multiple firmware security-related presentations at this event,
Not only will Nikolaj Schlej will be speaking on UEFI, perhaps his first conference presentation?
But there are at least two other firmware-related presentations:
They also have a Hardware Hacking Village. Looks like a fun conference.
Nikolaj Schlej, firmware security researcher and creator of UEFITool, will be speaking at ZeroNights 2015 in November 25-26 in Moscow, Russia, his first security conference presentation! His presentation is called “UEFI: Fix it yourself”, and he’s one of a handful of people that can accomplish that. 🙂