Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases

Presented at Black Hat USA 2022, Aug. 10, 2022, 11:20 a.m. (40 minutes)

Vulnerabilities in System Management Mode (SMM) and, more generally, in UEFI applications and drivers (DXE) are receiving increased attention from security researchers. Over the last 9 months, the Binarly efiXplorer team disclosed 42 high-impact vulnerabilities related to SMM and DXE firmware components. But newer platforms have significantly increased the runtime mitigations in the UEFI firmware execution environment (including SMM). The new Intel platform firmware runtime mitigations reshaped the attack surface for SMM/DXE with new Intel Hardware Shield technologies applied below the OS.

The complexity of the modern platform security features is growing every year. The general security promises of the platform consist of many different layers defining their own security boundaries. Unfortunately, in many cases, these layers may introduce inconsistencies in mitigation technologies and create room for breaking general security promises, allowing for successful attacks.

In this presentation, we will share our work exploring recent changes in the UEFI firmware security runtime using one of the most recent Intel CPUs as an example. The presentation will cover the evolution of firmware mitigations in SMM/DXE on x86-based CPUs and a discussion about the new attacks on Intel Platform Properties Assessment Module (PPAM), which are often used in tandem with Intel SMI Transfer Monitor (STM).

These topics have never been publicly discussed from the offensive security research perspective.


Presenters:

  • Sam Thomas - Principal Research Scientist, Binarly
    Dr. Sam L. Thomas is a security researcher and former academic from the UK. His interests include reverse engineering, malware detection, and static analysis. Before leaving academia, he completed post-docs in France (at CNRS) and the UK (at the University of Birmingham) and was Maître de conférences at CentraleSupélec, France. His PhD thesis focused on devising novel approaches to detect backdoors in embedded device firmware. He has presented his research at numerous internationally renowned academic conferences, including CHES, RAID, ESORICS, and DIMVA. He has also served on the program committees for DIMVA (2019-2022) and WOOT (2019, 2020).
  • Yegor Vasilenko - Principal Security Researcher, Binarly
    Yegor Vasilenko is an experienced Security Researcher focused on reverse engineering and firmware analysis. Nowadays he enjoys firmware reverse engineering and tools development. Yegor is one of the maintainers of a popular tool called efiXplorer for UEFI firmware reverse engineering and vulnerability research.
  • Alex Ermolov - Principal Security Researcher, Binarly
    Alex Ermolov leads supply chain and platform security research and development at Binarly Inc. With more than 10 years of experience in researching low-level design, firmware and system software built for various platforms and architectures, he helps to create a solution for protecting devices against firmware threats.
  • Alex Matrosov - CEO and Founder, Binarly
    Alex Matrosov is CEO and Founder of Binarly Inc. where he builds an AI-powered platform to protect devices against emerging firmware threats. Alex has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. He served as Chief Offensive Security Researcher at Nvidia and Intel Security Center of Excellence (SeCoE). Alex is the author of numerous research papers and the bestselling award-winning book Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. He is a frequently invited speaker at security conferences, such as REcon, Black Hat, Offensivecon, WOOT, DEF CON, and many others. Additionally, he was awarded multiple times by Hex-Rays for his open-source contributions to the research community.
