MYSEC.TV

Home   /   RESOURCES   /   MYSEC.TV   / Digital Devices at Risk – Understanding and Countering Firmware Threats

Digital Devices at Risk – Understanding and Countering Firmware Threats

Tech & Sec Weekly
SHARE:

IN THIS VIDEO

Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company that helps organizations protect their critical hardware, firmware, and software.

Prior to Eclypsium, Yuriy was Chief Threat Researcher and led the Microprocessor Security Analysis team at Intel Corporation, as well as the Advanced Threat Research team at Intel Security.

He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework.

When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk.

Since then Eclypsium has been on a mission to protect devices from supply chain risks.

In this interview, Yuriy highlights the potential vulnerabilities in the firmware (software running the hardware) in today’s digital devices, and the risk posed by threat actors.

Using a typical PC as an example, which involves contributions from over 265 suppliers, each with its components and code, he notes the ubiquity of software, and liken the supply chain of such a device to a “Wild West”:

“at any point in the supply chain, at any of those links in the supply chain, a compromise may happen”, and “ all of these components and all the code that is developed by those suppliers and vendors has vulnerabilities.”

He elaborated that “even if it’s OK now … 3 months from now, it can be compromised because of those vulnerabilities.”

To give an example, he referenced the recently discovered threat in the wild – “BlackLotus”, an evolution of threats based on open-source frameworks – e.g. Lojax, MosaicRegressor, Moon bounce – discovered in the past 3 to 4 years.

He highlighted the characteristics of such threats:

  • These UEFI compromises allow attackers to compromise equipment remotely, for access or persistent malware installation.
  • They cannot be removed by reinstalling operating system or reimaging or even replacing the hard drive.
  • BlackLotus exploitation of the UEFI system vulnerabilities, particularly the Secure Boot – a fundamental security feature adopted by modern operating systems – sets it apart as an advanced threat, marking the first instance of such threats discovered “in the wild.”

He explained that compromising firmware is attractive for threat actors for many reasons:

  • Stay hidden: Detection and protection controls operate at the software application level and above, but there is no equivalent for firmware.
  • Achieve “Persistence” – where traditional mitigation measures cannot remove the malware/threats.
  • Simplicity – for example, exploiting firmware vulnerabilities to gain access is much simpler than developing a very complicated exploit chain.

Gain high privileges – Remain hidden and persistent while gaining high level of privileges.

To mitigate against malicious firmware implants, Yuriy suggested,

  1. assess the supply chain risks (e.g. potential vulnerabilities and threats introduced during procurement and deployment),
  2. continuous monitoring of system integrity,
  3. implement specialized technologies designed for malicious firmware detection.

Recorded at Singapore International Cyber Week / Govware 2023 – 18th October 2023, 3pm.

#mysecuritytv #govware #sicw

OTHER VIDEOS IN THIS SERIES

asean-01
December 18, 2024
Group-IB has released a fascinating case investigation on deep fake fraud. Watch Now
bug
December 13, 2024
Learn what ethical hackers can teach us about the next era of artificial intelligence. Watch Now
chie-1112-2
December 11, 2024
We speak with Craig Patterson, Senior Vice President of Global Channels at Aryaka Networks, where he leads the company’s channel strategy worldwide, enabling alignment across partner sales and marketing teams and programs in North America, Europe, Africa and the Middle East (EMEA) and Asia-Pacific (APAC). Watch Now
chie-1112-1
December 11, 2024
We speak with Paul Tyrer, Global VP of IT Channel Ecosystem, Schneider Electric about the impact of AI on Data Centers in the coming years. Generative AI is expected to grow by US$158.6 billion by 2028, according to #canalys Watch Now