What happens when you analyze over 100k firmware images? Firmware that lives inside your PCs, servers, and laptops often flies beneath the radar of IT and security teams. Just one type of firmware on your computer, UEFI (the replacement for BIOS), offers a wide range of attack surfaces. I was curious about the available protections for UEFI, and specifically for the SPI flash it is stored on. In this presentation, you’ll learn what’s stored there, how it’s often not protected correctly, and how to protect it. We will not just theorize: the data for this presentation is backed by the analysis of thousands of UEFI firmware images. From this data, we will be able to determine the most common misconfigurations. Some may say that the manufacturer should provide properly configured firmware, and this presentation will prove this does not happen as often as it should. The solutions are complex, as your computer is made up of hardware and software from multiple manufacturers participating in an even more confusing supply chain.
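The abstract talks about SPI flash protections being misconfigured without naming them. The following is an added example, not code or data from the talk: it evaluates the chipset-level write protections that guard the UEFI region of SPI flash on Intel PCH platforms (BIOS_CNTL bits BIOSWE, BLE and SMM_BWP, plus the Protected Range registers PR0-PR4), and reports the classic misconfigurations. Register bit positions and the PRx layout are taken from Intel's public PCH documentation and are an assumption here, not something the abstract states; all register values and the BIOS region offsets are constructed sample input, not measurements from any real image.

```python
from dataclasses import dataclass
from typing import List, Tuple

# BIOS_CNTL bit positions (assumed standard Intel PCH layout, from public datasheets)
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = writes to the BIOS region are allowed
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE traps to SMM when BLE is set
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes only permitted while in SMM


@dataclass
class ProtectedRange:
    base: int            # first protected flash offset (inclusive)
    limit: int           # last protected flash offset (inclusive)
    write_protect: bool  # WPE bit; a range without WPE does not block writes


def decode_pr(value: int) -> ProtectedRange:
    """Decode one PRx register (assumed layout: base 12:0, RPE 15, limit 28:16, WPE 31).

    Base and limit fields hold address bits 24:12, i.e. 4 KiB granularity.
    """
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    wpe = bool((value >> 31) & 1)
    return ProtectedRange(base, limit, wpe)


def uncovered(region: Tuple[int, int], ranges: List[ProtectedRange]) -> List[Tuple[int, int]]:
    """Return the sub-intervals of region not covered by any write-protected range."""
    start, end = region
    gaps: List[Tuple[int, int]] = []
    cursor = start
    for r in sorted((r for r in ranges if r.write_protect), key=lambda r: r.base):
        if r.limit < cursor:
            continue                      # entirely before the unchecked part
        if r.base > cursor:
            gaps.append((cursor, min(r.base - 1, end)))
        cursor = max(cursor, r.limit + 1)
        if cursor > end:
            break
    if cursor <= end:
        gaps.append((cursor, end))
    return gaps


def assess(bios_cntl: int, prs: List[int], bios_region: Tuple[int, int]) -> List[str]:
    """Report SPI write-protection weaknesses for the given register snapshot."""
    findings: List[str] = []
    if bios_cntl & BIOSWE:
        findings.append("BIOSWE set: BIOS region writable from the running OS")
    if not bios_cntl & BLE:
        findings.append("BLE clear: BIOSWE can be set without trapping to SMM")
    if not bios_cntl & SMM_BWP:
        findings.append("SMM_BWP clear: BIOS region writable outside SMM")
    for lo, hi in uncovered(bios_region, [decode_pr(v) for v in prs]):
        findings.append(f"BIOS region 0x{lo:X}-0x{hi:X} not covered by a write-protected PR range")
    return findings


# Constructed sample: BIOS region occupies the upper 4 MiB of an 8 MiB flash part.
BIOS_REGION = (0x400000, 0x7FFFFF)
# Constructed weak configuration: writes enabled, nothing locked, PRs unprogrammed.
WEAK = (0x01, [0, 0, 0, 0, 0])
# Constructed hardened configuration: BLE and SMM_BWP set, PR0 covers the whole BIOS region.
HARDENED = (BLE | SMM_BWP, [0x87FF0400, 0, 0, 0, 0])

if __name__ == "__main__":
    for label, (cntl, prs) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, assess(cntl, prs, BIOS_REGION) or ["no findings"])
```

The first three checks need only the BIOS_CNTL byte; the coverage check is where most real-world gaps show up, because a vendor may lock BIOS_CNTL correctly yet leave part of the UEFI region outside any PR range, or program a PR without its WPE bit.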