Have you scanned your BIOS recently?

Wednesday 4 October 11:30 - 12:00, Red room

Aditya Kapoor (Cylance)

Periodic BIOS scanning is not a task that tends to be on an IT admin's radar. Even an IT admin who wants to understand the security status of the BIOS is ill equipped to determine it. The impact of an attack against the BIOS is immense, because it gives the attacker persistence that is virtually invisible to the operating system and to conventional security tools. UEFI code is usually written in C and is much less well protected against code exploits than other software, mainly because it has been a less well researched space. In 2015, Hacking Team's UEFI rootkit showed us that such attacks are indeed feasible, and numerous academic talks have demonstrated their feasibility as well.

In this talk we will start with the basic background of the UEFI BIOS. We will look at the tools and solutions that currently exist for analysing a UEFI BIOS. We will also discuss current theoretical attacks and up-to-date, in-the-wild attacks. Further, we will look into recent technological advances in UEFI security and see why it is important for hardware vendors to pay attention while implementing these features. Some hardware vendors currently don't pay much attention to BIOS security, which is something that needs to change: incorrect configurations leave these BIOSes open to persistent attacks. As more and more devices start to use UEFI, e.g. routers, storage solutions, automotive systems, etc., it is vital that we understand the security implications.

Finally, we will demonstrate a live attack, showing the ease of such attacks on the Windows 10 platform, which can be triggered without any physical access to the machine. 



Aditya Kapoor

Aditya joined Cylance two years ago as Director for Security Architecture and is passionate about creating next-generation product features. His primary interests are firmware security, analysing current threat trends and finding practical engineering solutions for them. He has published and presented at AVAR, Virus Bulletin, CARO, and the IEEE Computer Society International Conference on Information Technology: Coding and Computing, among others. He has written several Virus Bulletin articles and whitepapers. Previously, Aditya worked at McAfee Labs for more than ten years as a Research Architect, where he reverse engineered malware, wrote code to detect and remove threats, and designed several product technologies for McAfee. He completed his Master's in computer science at the University of Louisiana at Lafayette. Aditya's hobbies include cooking, music and travelling.
