aelliott83 - Slashdot User

Submission + - Security Industry Incapable of Finding Firmware Attackers (threatpost.com)

Submitted by BIOS4breakfast on Wednesday March 19, 2014 @09:49AM

BIOS4breakfast writes: Research presented at CanSecWest has shown that despite the fact that we know that firmware attackers, in the form of the NSA, definitely exists, there is still a wide gap between the attackers' ability to infect firmware, and the industry's ability to detect their presence. The researchers from MITRE and Intel showed attacks on UEFI SecureBoot, the BIOS itself, and BIOS forensics software. Although they also released detection systems for supporting more research and for trustworthy BIOS capture, the real question is, when is this going to stop being the domain of research and when are security companies going to get serious about protecting against attacks at this level?

Comment TPM research at Blackhat (Score 3, Informative) 290

by aelliott83 on Sunday August 11, 2013 @03:35PM (#44537161) Attached to: Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

There was some interesting research presented at Blackhat that pointed out the problems of using the TPM as a root of trust in your platform: https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf The essence of the research is that the TPM is not adequate as a root of trust in the platform because the code that drives the TPM/does the system measurements resides on a mutable EEPROM (the bios flash chip). Therefore any attacker that can gain access to the bios flash chip via an exploit (the researchers presented one) or via an unlocked flash chip (see Yuriy Bulygin's related work) can forge the TPM measurements that serve as the root of trust in your system. This is important because software like Bitlocker uses these TPM measurement values to determine whether or not to decrypt your harddrive...

Slashdot Top Deals