MYSEC.TV

Home   /   RESOURCES   /   MYSEC.TV   / Digital Devices at Risk – Understanding and Countering Firmware Threats

Digital Devices at Risk – Understanding and Countering Firmware Threats

Tech & Sec Weekly
SHARE:

IN THIS VIDEO

Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company that helps organizations protect their critical hardware, firmware, and software.

Prior to Eclypsium, Yuriy was Chief Threat Researcher and led the Microprocessor Security Analysis team at Intel Corporation, as well as the Advanced Threat Research team at Intel Security.

He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework.

When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk.

Since then Eclypsium has been on a mission to protect devices from supply chain risks.

In this interview, Yuriy highlights the potential vulnerabilities in the firmware (software running the hardware) in today’s digital devices, and the risk posed by threat actors.

Using a typical PC as an example, which involves contributions from over 265 suppliers, each with its components and code, he notes the ubiquity of software, and liken the supply chain of such a device to a “Wild West”:

“at any point in the supply chain, at any of those links in the supply chain, a compromise may happen”, and “ all of these components and all the code that is developed by those suppliers and vendors has vulnerabilities.”

He elaborated that “even if it’s OK now … 3 months from now, it can be compromised because of those vulnerabilities.”

To give an example, he referenced the recently discovered threat in the wild – “BlackLotus”, an evolution of threats based on open-source frameworks – e.g. Lojax, MosaicRegressor, Moon bounce – discovered in the past 3 to 4 years.

He highlighted the characteristics of such threats:

  • These UEFI compromises allow attackers to compromise equipment remotely, for access or persistent malware installation.
  • They cannot be removed by reinstalling operating system or reimaging or even replacing the hard drive.
  • BlackLotus exploitation of the UEFI system vulnerabilities, particularly the Secure Boot – a fundamental security feature adopted by modern operating systems – sets it apart as an advanced threat, marking the first instance of such threats discovered “in the wild.”

He explained that compromising firmware is attractive for threat actors for many reasons:

  • Stay hidden: Detection and protection controls operate at the software application level and above, but there is no equivalent for firmware.
  • Achieve “Persistence” – where traditional mitigation measures cannot remove the malware/threats.
  • Simplicity – for example, exploiting firmware vulnerabilities to gain access is much simpler than developing a very complicated exploit chain.

Gain high privileges – Remain hidden and persistent while gaining high level of privileges.

To mitigate against malicious firmware implants, Yuriy suggested,

  1. assess the supply chain risks (e.g. potential vulnerabilities and threats introduced during procurement and deployment),
  2. continuous monitoring of system integrity,
  3. implement specialized technologies designed for malicious firmware detection.

Recorded at Singapore International Cyber Week / Govware 2023 – 18th October 2023, 3pm.

#mysecuritytv #govware #sicw

OTHER VIDEOS IN THIS SERIES

assimh
October 2, 2025
We speak with Professor Andy Koronios, CEO and Managing Director of the Australasian Space Innovation Institute, officially launched on the sidelines of the 76th International Astronautical Congress (IAC), Sydney.Watch Now
spa8md
October 1, 2025
We speak with His Excellency Eng. Salem Butti Salem Al Qubaisi, the UAE Space Agency’s Director General.Watch Now
spimg
October 1, 2025
We speak with the Hon Judith Collins KC, MP, Attorney-General, Minister of Defence, Minister for Digitising Government, Minister for the Public Service, Minister Responsible for the GCSB, Minister Responsible for the NZSIS, Minister for Space with the New Zealand Government.Watch Now
dras1
October 1, 2025
We speak with Dr Thierry Peynot, Associate Professor – Queensland University of Technology (QUT); Chief Investigator – QUT Centre for Robotics (Space Robotics and Mining Robotics) activities who will be presenting next week in Perth at the Indo-Pacific Robotics, Autonomy, AI, Cyber Conference and Exhibition (IPRAAC), 7-8 October at the Pan Pacific Hotel.Watch Now