Less than three years after the Equation Group was discovered backdooring hard drive firmware, courses on how to create such backdoored firmware are available to the public. New exploits in BIOS/UEFI that enable bypassing OS and Hypervisor protections have become commonplace. Once compromised, remediation is virtually impossible; malicious firmware is perfectly positioned to block the very updates that would remove it.
Truly defending against these threats requires a different approach–traditional vendor firmware signatures and secure boot implementations aren’t good enough. Without mechanisms to detect and recover the firmware, a backdoor could be forever persistent and undetectable. Fortunately, nearly every device available has an existing mechanism to force it into a state which can be used to restore the writable firmware components. We’ll describe how we’ve made use of such capabilities at scale, the challenges in doing so, and what the future holds for securing firmware.
Matt King and Paul McMillan (@PaulM) secure cloud hardware for a living. Matt implements NSA-style implants for fun, and Paul enjoys attempting to solve impossible problems.
Matt King and Paul McMillan (@PaulM) secure cloud hardware for a living. Matt implements NSA-style implants for fun, and Paul enjoys attempting to solve impossible problems.