Google is the first to start using this integrated approach to increase its cloud security and prevent hardware backdoors, but definitely not the last one.

Specifically with Titan, even if the platform has been compromised by a firmware rootkit, the isolated root of trust will prevent Secure Boot attacks and firmware update attacks, because Platform Controller Hub (PCH) and Baseboard Management Controller (BMC) access to the boot firmware flash is controlled. This approach, in which a company develops its own hardware to control the platform root of trust, can become popular for big cloud and data companies like Amazon, Google, Microsoft, Apple, etc.

The next chart presents the vulnerability distribution over the years (the chart is copied from Intel's original publicly available slide deck). This research shows the data for the last three years according to Intel PSIRT. The authors draw attention to the significant increase in security issues in the UEFI firmware security space. An increase in mitigations at the OS level will raise rootkit complexity and motivate attackers to move into the firmware space.

Also, I want to draw readers' attention to the research published at Black Hat 2017 by Intel, "Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities".

The firmware level is the last boundary before the hardware, as it is precisely the BIOS that starts the initial stages of hardware setup in the boot process. It is an entirely different level of persistence, which can keep the rootkit infection active for the entire usage cycle of the infected hardware. Firmware implants or rootkits can survive an operating system reinstallation, or even a full hard drive change. The BIOS level of persistence is very different from anything else.
Why Firmware Security is Important?

From the attacker's perspective, the more logical way to do things nowadays is to simply move to the next level down in the software stack: after boot code, that is the way to the BIOS.

But before we go deep into Intel Boot Guard details, let's talk a little bit about why firmware issues can be serious problems. I proved in practice how many mistakes can be made and demonstrated, on Gigabyte hardware with a modern CPU, an insecure configuration with fully active Boot Guard. Intel Boot Guard is an excellent example of a complex technology with many places where a small mistake allows an attacker to bypass the entire technology.

When I worked on this research, one thought bothered me: the specification of a technology can be perfect, but after that the implementation goes to third parties, and it is challenging to maintain a proper level of security in this case. At the last Black Hat event in Vegas, I presented the first publicly known concept of an attack on a specific implementation of Intel Boot Guard technology (mostly undocumented as a technology).