Remotely Attacking System Firmware

Presented at ekoparty 14 (2018), Sept. 27, 2018, 1:50 p.m. (50 minutes).

In recent years we have been witnessing a steady increase in security vulnerabilities in firmware. Nearly all of these issues require local (often privileged) or physical access to exploit. In this talk we will present novel remote attacks on system firmware.

In this talk we will show different remote attack vectors into system firmware, including networking, updates over the Internet, and error reporting. We will also be demonstrating and remotely exploiting vulnerabilities in different UEFI firmware implementations which can lead to installing persistent implants remotely at scale. The proof-of-concept exploit is less than 800 bytes.

How can we defend against such firmware attacks? We will analyze the remotely exploitable UEFI and BMC attack surface of modern systems, explain specific mitigations for the discussed vulnerabilities, and provide recommendations to detect such attacks and discover compromised systems.


Presenters:

  • Jesse Michael / @jessemichael
    Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation, who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, and BSides Portland.
