In our previous "Defeating Signed BIOS Enforcement" talk, we discussed how some vendors' BIOS protections can be bypassed by an attacker who can get into SMM. In this talk we will discuss a new security issue that also leads to the bypass of access controls on an SPI flash chip. This can lead to the attacker reflashing the BIOS with embedded malicious code, defeating UEFI Secure Boot, or bricking the system. We will also discuss how we have been working with vendors to remediate these attacks, and what you can do to help protect yourself.
John Butterworth is a security researcher at The MITRE Corporation who specializes in low level system security. He is applying his electrical engineering background and firmware engineering background to investigate UEFI/BIOS security.
Xeno is a Lead InfoSec Engineer at The MITRE Corporation, a not-for-profit company that runs 6 federally funded research and development centers (FFRDCs). He is the team lead for the BIOS Analysis for Detection of Advanced System Subversion project. On the predecessor project, Checkmate, he investigated kernel/userspace memory integrity verification & timing-based attestation. Both projects have a special emphasis on how to make it so that the measurement agent can't just be made to lie by an attacker.
Sam Cornwell has been working on projects such as Checkmate, a kernel and userspace memory integrity verification & timing-based attestation tool, Copernicus 1, and numerous other private security sensors designed to combat sophisticated threats since 2011.