High-Stakes Updates | BIOS RCE OMG WTF BBQ

Presented at DEF CON 29 (2021), Aug. 7, 2021, 10 a.m. (45 minutes)

With attacks moving below the operating system and computer firmware vulnerability discovery on the rise, the need to keep current platforms updated becomes important and new technology is developed to help defend against such threats. Major computer manufacturers are adding capabilities to make it easier to update BIOS. Our research has identified multiple vulnerabilities in Dell's BiosConnect feature used for remote update and recovery of the operating system. These vulnerabilities are easy to exploit by an adversary in the right position, and are not prevented by protective technologies such as Secured Core PCs, BitLocker, BootGuard, and BIOS Guard. Join us and together we will explore the new attack surfaces introduced by these UEFI firmware update mechanisms -- including a full walk-through of multiple vulnerability findings and the methods we used to create fully working exploits that gain remote code execution within the laptop BIOS and their effects on the operating system.

Presenters:

• Jesse Michael / @jessemichael - HAcker   as Jesse Michael
  Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland. @JesseMichael
• Mickey Shkatov - Hacker
  Mickey has been doing security research for almost a decade, one of specialties is simplifying complex concepts and finding security flaws in unlikely places. He has seen some crazy things and lived to tell about them at security conferences all over the world, his past talks range from web pentesting to black badges and from hacking cars to BIOS firmware. @HackingThings

Links:

• https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov
• https://infocon.org/cons/DEF CON/DEF CON 29/DEF CON 29 video and slides/DEF CON 29 - Mickey Shkatov Jesse Michael - High-Stakes Updates - BIOS RCE OMG WTF BBQ.mp4
• https://infocon.org/cons/DEF CON/DEF CON 29/DEF CON 29 video and slides/DEF CON 29 - Mickey Shkatov Jesse Michael - High-Stakes Updates - BIOS RCE OMG WTF BBQ.srt (subtitles)
• https://www.youtube.com/watch?v=qxWfkSonK7M

Similar Presentations:

• VB2017 / Have you scanned your BIOS recently?
• DEF CON 22 (2014) / Extreme Privilege Escalation On Windows 8/UEFI Systems
• 44CON 2017 / Checking BIOS protections offline with just the firmware updates