Remotely Attacking System Firmware (Black Hat Conference 2018)

In recent years, we have been witnessing a steady increase in security vulnerabilities in firmware. Nearly all of these issues require local (often privileged) or physical access to exploit. In this talk, we will present novel *remote* attacks on system firmware.

We will show different remote attack vectors into system firmware, including networking, updates over the Internet, and error reporting. We will also demonstrate and remotely exploit vulnerabilities in different UEFI firmware implementations, which can lead to installing persistent implants remotely and at scale. The proof-of-concept exploit is less than 800 bytes.

How can we defend against such firmware attacks? We will analyze the remotely exploitable UEFI and BMC attack surface of modern systems, explain specific mitigations for the discussed vulnerabilities, and provide recommendations to detect such attacks and discover compromised systems.


Jesse Michael

Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented multiple times at DEF CON, PacSec, Hackito Ergo Sum, and BSides Portland.

Mickey Shkatov

Mickey Shkatov, a principal researcher at Eclypsium, has been performing security research and product security validation since 2010. He has also presented multiple times at DEF CON, Black Hat, PacSec, CanSecWest, BruCon, Hackito Ergo Sum, and BSides Portland.

Oleksandr Bazhaniuk

Eclypsium CTO and Founder Alex Bazhaniuk performed security research and product security work for a number of years at Intel Corporation. Alex has presented his research at well-known security conferences such as Black Hat, DEF CON, CanSecWest, Recon, Troopers, Ekoparty, Toorcon, Hackito, HITB, OPCDE, and Syscan360. He also teaches popular training courses in firmware security. Previously, Alex co-founded the first DEF CON group in Ukraine. He is also a co-author of the open-source CHIPSEC framework.

Detailed Presentation:

(Source: Black Hat USA 2018, Las Vegas)

