

At the last Black Hat event in Vegas, I presented the first publicly known concept of an attack on a specific implementation of Intel Boot Guard technology, a technology that is mostly undocumented. While I was working on this research, one thought bothered me: the specification of a technology can be almost perfect, but in the end the implementation is done by third parties, and it is challenging to maintain a proper level of security in that case. Intel Boot Guard is an excellent example of a complex technology with many places where a small mistake allows an attacker to bypass the security of the entire technology. I showed how many such mistakes can be made in practice and demonstrated them on Gigabyte hardware with a modern CPU, fully active Boot Guard and an insecure configuration. But before we go deep into the Intel Boot Guard details, let's talk a little about why firmware issues can lead to serious problems.

Why Firmware Security is Important?

From the attacker's perspective, the most logical way to do malicious activities nowadays is to simply move down to the next level of the software stack, the system firmware (BIOS). Persistence at the BIOS level is very different from anything else. Firmware implants or rootkits survive an operating system reinstallation, or even a full hard drive replacement. It is an entirely different level of persistence, one that can keep the rootkit infection active for the whole lifetime of the infected hardware. The firmware level is the last boundary before the hardware, since it is precisely the BIOS that runs the initial stages of hardware setup in the boot process. The increasing complexity of rootkits, caused by mitigations implemented at the OS level, is motivating attackers to move into the firmware space.

I also want to direct the readers' attention to the research published at Black Hat 2017 by Intel, "Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities", where the authors noted a significant increase of security issues in the UEFI firmware space. This research covered the last three years of relevant data according to Intel PSIRT. Figure 2 presents the vulnerability distribution over those years (the chart is copied from Intel's original, publicly available slide deck).

Figure 2: Intel security issues over a 3-year period

We can clearly see the increase in the issue class "Platform capability not properly configured", where third-party vendors are responsible for almost all of the bugs. This class of bugs is exactly about implementation mistakes: developers forgot to set something up or did not follow the specification. Accordingly, Intel describes this class of security issues as "Locks not set, devices not properly initialized, features not disabled, etc." The same kind of issue can also result from a supply chain attack, where hardware is insecurely reconfigured or infected with malicious pieces of firmware or implants. It is becoming a critical task to trust your hardware configuration, especially when we are talking about cloud security, where the impact multiplies by the number of affected clients. Google announced the Titan chip, which is intended to protect the hardware root of trust. Specifically with Titan, even if the platform has been compromised by a firmware rootkit, the isolated root of trust will prevent Secure Boot and firmware update attacks, because it controls the Platform Controller Hub (PCH) and Baseboard Management Controller (BMC) access to the boot firmware flash. This approach, where a company develops its own hardware to control the platform root of trust, can become popular with other big cloud and data companies like Amazon, Microsoft, Apple, etc. Google is the first company that started using this integrated approach to increase its cloud security and prevent hardware backdoors, but it definitely won't be the last. It would be great to acquire a piece of hardware with a Titan chip inside for my dirty games :-)

How many pieces of Firmware fit into an Update Image?

The instructions for UEFI firmware updates usually mention an update for the BIOS, which is the main firmware. But in the same way, the usual BIOS update delivers several different "embedded" pieces of firmware to the various hardware units on the motherboard, or even inside the CPU. Any BIOS vulnerability that bypasses authentication of a BIOS update image opens the door for the delivery of malicious components. Basically, each piece of firmware is an additional place where an attacker can store and execute code: an opportunity for a malicious implant.

Figure 3: How many different pieces of firmware fit into one firmware update

This allows not only BIOS implant installation, but also makes it possible to install one of the "embedded" firmware updates without authentication, or to bypass authentication completely.

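To make the "several embedded pieces of firmware" point concrete, here is an added example that is not part of the original post and not code from UEFITool, flashrom or any other tool it mentions. It enumerates the regions into which the Intel flash descriptor carves a SPI image: Descriptor, BIOS, ME, GbE, PDR and, on newer PCH generations, further regions such as EC. The register layout (FLVALSIG at offset 0x10, FLMAP0 at 0x14, one FLREG per region starting at FRBA, base and limit in 4 KiB units) is the public Intel descriptor format as decoded by flashrom and UEFITool; the region names follow their conventions. The 8 MiB layout produced by build_sample_descriptor is constructed for this example and is not a dump of any real board. Every region that comes back "present" is a separate firmware with its own consumer (PCH, ME, NIC, EC) and, in practice, its own update and authentication path.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FD_SIGNATURE  0x0FF0A55Au  /* FLVALSIG, always at offset 0x10 of the image */
#define FD_SIG_OFFSET 0x10u
#define FD_FLMAP0     0x14u
#define FD_REGIONS    9            /* FLREG0..FLREG8; regions 5..8 only exist on newer PCHs */

/* Region names in FLREG order, as used by flashrom/UEFITool. */
static const char *const fd_region_names[FD_REGIONS] = {
    "Descriptor", "BIOS", "ME", "GbE", "PDR", "DevExp1", "BIOS2", "Microcode", "EC"
};

struct fd_region {
    const char *name;
    uint32_t base;    /* first byte of the region */
    uint32_t limit;   /* last byte of the region, inclusive */
    int present;      /* 0 when the register encodes base > limit (region unused) */
};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Fill out[] from the flash descriptor at the start of img.
 * Returns the number of present regions, or -1 if there is no valid descriptor
 * (for example a vendor update file that carries only the BIOS region).
 * The NR field of FLMAP0 is deliberately not trusted; a fixed set of FLREGs is walked instead. */
int fd_parse_regions(const uint8_t *img, size_t len, struct fd_region out[FD_REGIONS])
{
    if (len < FD_FLMAP0 + 4 || rd32le(img + FD_SIG_OFFSET) != FD_SIGNATURE)
        return -1;
    uint32_t flmap0 = rd32le(img + FD_FLMAP0);
    uint32_t frba = ((flmap0 >> 16) & 0xFFu) << 4;    /* Flash Region Base Address, 16-byte units */
    int present = 0;
    for (int i = 0; i < FD_REGIONS; i++) {
        out[i].name = fd_region_names[i];
        out[i].present = 0;
        out[i].base = out[i].limit = 0;
        size_t off = frba + 4u * (size_t)i;
        if (off + 4 > len) continue;                   /* register lies outside the dump */
        uint32_t reg = rd32le(img + off);
        uint32_t base  = (reg & 0x7FFFu) << 12;                     /* bits 14:0, 4 KiB units */
        uint32_t limit = (((reg >> 16) & 0x7FFFu) << 12) | 0xFFFu;  /* bits 30:16, inclusive */
        if (base > limit) continue;                    /* unused region: base 0x7FFF, limit 0 */
        out[i].base = base; out[i].limit = limit; out[i].present = 1;
        present++;
    }
    return present;
}

/* Constructed descriptor for an 8 MiB part (not real hardware): Descriptor 0x000000-0x000FFF,
 * GbE 0x001000-0x002FFF, ME 0x003000-0x3FFFFF, BIOS 0x400000-0x7FFFFF, everything else unused. */
void build_sample_descriptor(uint8_t *buf, size_t len)
{
    static const uint32_t flreg[FD_REGIONS] = {
        0x00000000u,  /* FLREG0 Descriptor: base 0x000, limit 0x000 */
        0x07FF0400u,  /* FLREG1 BIOS:       base 0x400, limit 0x7FF */
        0x03FF0003u,  /* FLREG2 ME:         base 0x003, limit 0x3FF */
        0x00020001u,  /* FLREG3 GbE:        base 0x001, limit 0x002 */
        0x00007FFFu, 0x00007FFFu, 0x00007FFFu, 0x00007FFFu, 0x00007FFFu  /* unused */
    };
    if (len < 0x80) return;
    memset(buf, 0xFF, len);                 /* erased flash reads as 0xFF */
    wr32le(buf + FD_SIG_OFFSET, FD_SIGNATURE);
    wr32le(buf + FD_FLMAP0, 0x04040003u);   /* FCBA = 0x30, FRBA = 0x40, NR = 4 */
    for (int i = 0; i < FD_REGIONS; i++)
        wr32le(buf + 0x40 + 4 * i, flreg[i]);
}

/* Builds the sample image and parses it; returns the number of present regions. */
int sample_parse(struct fd_region out[FD_REGIONS])
{
    uint8_t img[0x80];
    build_sample_descriptor(img, sizeof img);
    return fd_parse_regions(img, sizeof img, out);
}

int main(void)
{
    struct fd_region r[FD_REGIONS];
    int n = sample_parse(r);
    if (n < 0) { puts("no flash descriptor found"); return 1; }
    printf("%d firmware regions present:\n", n);
    for (int i = 0; i < FD_REGIONS; i++)
        if (r[i].present)
            printf("  %-10s 0x%06X-0x%06X (%u KiB)\n", r[i].name, (unsigned)r[i].base,
                   (unsigned)r[i].limit, (unsigned)((r[i].limit - r[i].base + 1) / 1024));
    return 0;
}
```

Run against the first 4 KiB of a real SPI dump, the same function tells you which regions the image carries; a return of -1 on a vendor update file usually means the file is a BIOS-region-only capsule rather than a full flash image, so the other firmwares on the board are not updated by it at all.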
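Going back to the "Locks not set" class from the Intel PSIRT data above: that class is checkable in software, and the following added example (my own, not the post's and not chipsec's code) shows the logic, modelled on the checks chipsec's bios_wp and spi_lock modules perform. It decodes BIOS_CNTL (BIOSWE, BLE, SMM_BWP), HSFS.FLOCKDN and the SPI protected-range registers PR0-PR4, then walks the BIOS region page by page to see whether a locked protected range actually covers all of it. Bit positions are from the Intel PCH datasheets; the register offsets differ between PCH generations, and reading them from live hardware (PCI config space and the SPIBAR MMIO window) is outside the block, so the three sample_* structures are constructed values, not dumps of real boards.

```c
#include <stdint.h>
#include <stdio.h>

/* BIOS_CNTL (LPC/SPI controller PCI config space, offset 0xDC on Intel PCHs) */
#define BIOSWE   (1u << 0)   /* BIOS Write Enable: ring 0 may write the BIOS region */
#define BLE      (1u << 1)   /* BIOS Lock Enable: setting BIOSWE raises an SMI */
#define SMM_BWP  (1u << 5)   /* SMM BIOS Write Protect: BIOS writes only from SMM */
/* HSFS (SPIBAR + 0x04) */
#define FLOCKDN  (1u << 15)  /* Flash Configuration Lock-Down: PRx read-only until reset */
/* PRx (SPIBAR + 0x74.. on 8/9-series, + 0x84.. on 100-series and later) */
#define PR_WPE      (1u << 31)
#define PR_BASE(r)  (((r) & 0x1FFFu) << 12)                      /* bits 12:0, 4 KiB units */
#define PR_LIMIT(r) (((((r) >> 16) & 0x1FFFu) << 12) | 0xFFFu)  /* bits 28:16, inclusive */

enum {
    F_BIOSWE_SET     = 1 << 0,  /* BIOS region writable from ring 0, not only from SMM */
    F_BLE_CLEAR      = 1 << 1,  /* nothing stops ring 0 from setting BIOSWE */
    F_SMM_BWP_CLEAR  = 1 << 2,  /* writes are not restricted to SMM */
    F_FLOCKDN_CLEAR  = 1 << 3,  /* PRx and flash configuration still writable */
    F_BIOS_UNCOVERED = 1 << 4,  /* a 4 KiB page of the BIOS region is outside every locked PR */
};

struct spi_regs {
    uint8_t  bios_cntl;
    uint16_t hsfs;
    uint32_t pr[5];
    uint32_t bios_base, bios_limit;   /* BIOS region bounds from the flash descriptor */
};

static int page_in_protected_range(const struct spi_regs *r, uint32_t page)
{
    for (int i = 0; i < 5; i++) {
        uint32_t pr = r->pr[i];
        if ((pr & PR_WPE) && page >= PR_BASE(pr) && page <= PR_LIMIT(pr))
            return 1;
    }
    return 0;
}

/* Returns a bitmask of F_* findings; 0 means the BIOS region is locked down. */
unsigned assess_flash_locks(const struct spi_regs *r)
{
    unsigned f = 0;
    if ((r->bios_cntl & BIOSWE) && !(r->bios_cntl & SMM_BWP)) f |= F_BIOSWE_SET;
    if (!(r->bios_cntl & BLE))                                  f |= F_BLE_CLEAR;
    if (!(r->bios_cntl & SMM_BWP))                              f |= F_SMM_BWP_CLEAR;
    if (!(r->hsfs & FLOCKDN)) {
        /* Without FLOCKDN an attacker simply clears the PRx registers first,
         * so they count for nothing regardless of their contents. */
        return f | F_FLOCKDN_CLEAR | F_BIOS_UNCOVERED;
    }
    for (uint32_t page = r->bios_base & ~0xFFFu; ; page += 0x1000u) {
        if (!page_in_protected_range(r, page)) { f |= F_BIOS_UNCOVERED; break; }
        if (page + 0x1000u > r->bios_limit || page + 0x1000u < page) break;  /* last page or wrap */
    }
    return f;
}

/* Constructed register dumps for the example (not from real boards); BIOS region 0x400000-0x7FFFFF. */
const struct spi_regs sample_locked = {
    .bios_cntl = BLE | SMM_BWP, .hsfs = FLOCKDN,
    .pr = { 0x87FF0400u, 0, 0, 0, 0 },            /* PR0: WPE, 0x400000-0x7FFFFF */
    .bios_base = 0x400000u, .bios_limit = 0x7FFFFFu,
};
const struct spi_regs sample_unlocked = {         /* "locks not set": everything left at reset values */
    .bios_cntl = BIOSWE, .hsfs = 0, .pr = { 0 },
    .bios_base = 0x400000u, .bios_limit = 0x7FFFFFu,
};
const struct spi_regs sample_partial = {          /* BLE only, PR0 covers half of the BIOS region */
    .bios_cntl = BLE, .hsfs = FLOCKDN,
    .pr = { 0x85FF0400u, 0, 0, 0, 0 },            /* PR0: WPE, 0x400000-0x5FFFFF */
    .bios_base = 0x400000u, .bios_limit = 0x7FFFFFu,
};

static void report(const char *name, unsigned f)
{
    static const char *const text[] = {
        "BIOSWE set without SMM_BWP", "BLE not set", "SMM_BWP not set",
        "FLOCKDN not set", "BIOS region not fully covered by locked protected ranges" };
    printf("%s: %s\n", name, f ? "MISCONFIGURED" : "locked");
    for (int i = 0; i < 5; i++)
        if (f & (1u << i)) printf("  - %s\n", text[i]);
}

int main(void)
{
    report("sample_locked",   assess_flash_locks(&sample_locked));
    report("sample_unlocked", assess_flash_locks(&sample_unlocked));
    report("sample_partial",  assess_flash_locks(&sample_partial));
    return 0;
}
```

The page walk is the part worth keeping: a board can have BLE, SMM_BWP and FLOCKDN all set and still leave part of the BIOS region outside every protected range, which is exactly the kind of "feature enabled but not configured to the specification" mistake the PSIRT category describes, and a single-register check would miss it.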