![]() ![]() ![]() In Figure 2 it is presented the vulnerability distribution over the years (the chart copied from original publicly available Intel’s slide deck).įigure 2: Intel Security issues over 3 year period This research showed the last three years of relevant data according to Intel PSIRT. An increase in rootkits complexity due to mitigations implemented at OS level is motivating attackers to go into the firmware space.Īlso, I want to direct the attention of the readers to the research published on Black Hat 2017 by Intel “ Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities” where the authors noticed the significant increase of the security issues in UEFI firmware security space. ![]() The firmware level is the last boundary before the hardware, as it is precisely the BIOS that starts the initial stages for the hardware setup into the boot process. It is an entirely different level of persistence, which can keep the rootkit infection active for the whole cycle of usage of the infected hardware. The firmware implants or rootkits can survive after an operating system reinstallation, or even after a full hard drive change. The persistence at the BIOS level is very different from anything else. Why Firmware Security is Important?įrom the attacker’s perspective, the most logical way to do malicious activities nowadays is to simply move down to the next level into the software stack, to the system firmware (BIOS). ![]() But before we go deep into Intel Boot Guard details let’s talk a little bit about why the firmware issues can lead to serious problems. I proved how many mistakes can be done in practice and demonstrated that on Gigabyte hardware with modern CPU and insecure configuration with fully active Boot Guard. Intel Boot Guard is an excellent example of a complex technology where there are places where making a small mistake allows an attacker to bypass the security of the entire technology. While I was working on this research one thought bothered me: the specification of a technology can be almost perfect, but after all, the implementation part is done by third-parties and it is challenging to maintain proper level security in this case. At the last Black Hat event in Vegas, I presented the first publicly known concept of an attack on a specific implementation of Intel Boot Guard technology - technology that is mostly undocumented. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |