How Many Million BIOSes Would You Like to Infect?

Presented at Summercon 2015, July 17, 2015, 3 p.m. (50 minutes)

So you think you're doing OPSEC right, right? You're going to crazy lengths to protect yourself, reinstalling your main OS every month, or using a privacy-conscious live OS like Tails. Guess what? BIOS malware doesn't care! BIOS malware doesn't give a shit!

Sophisticated BIOS-level malware has long been thought impractical; this talk will dispel the illusion that it is exclusively within the realm of possibility for nation-state actors. Recent disclosures of firmware-level vulnerabilities have given us reliable entry vectors into the firmware on almost all systems we have surveyed. Furthermore, the well-defined nature and modularity of UEFI significantly lower the bar for coherently implanting a firmware rootkit onto a system. This talk will detail the result of our one-month effort to infect the BIOS of every business-class system we could get our hands on.


Presenters:

  • Corey Kallenberg
    Corey Kallenberg is a co-founder of LegbaCore, a consultancy focused on evaluating and improving host security at the lowest levels. His specialty areas are trusted computing, vulnerability research and low-level development. In particular, Corey has spent several years using his vulnerability research expertise to evaluate limitations in current trusted computing implementations. In addition, he has used his development experience to create and improve upon trusted computing applications. Among these are a timing-based attestation agent designed to improve firmware integrity reporting, and an open source Trusted Platform Module driver for Windows. Corey is also an experienced trainer, having created and delivered several technical courses. He is an internationally recognized speaker who has presented at BlackHat USA, DEF CON, CanSecWest, Hack in the Box, NoSuchCon, SyScan, EkoParty and Ruxcon.
