MYSEC.TV

Home   /   RESOURCES   /   MYSEC.TV   / Digital Devices at Risk – Understanding and Countering Firmware Threats

Digital Devices at Risk – Understanding and Countering Firmware Threats

Tech & Sec Weekly
SHARE:

IN THIS VIDEO

Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company that helps organizations protect their critical hardware, firmware, and software.

Prior to Eclypsium, Yuriy was Chief Threat Researcher and led the Microprocessor Security Analysis team at Intel Corporation, as well as the Advanced Threat Research team at Intel Security.

He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework.

When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk.

Since then Eclypsium has been on a mission to protect devices from supply chain risks.

In this interview, Yuriy highlights the potential vulnerabilities in the firmware (software running the hardware) in today’s digital devices, and the risk posed by threat actors.

Using a typical PC as an example, which involves contributions from over 265 suppliers, each with its components and code, he notes the ubiquity of software, and liken the supply chain of such a device to a “Wild West”:

“at any point in the supply chain, at any of those links in the supply chain, a compromise may happen”, and “ all of these components and all the code that is developed by those suppliers and vendors has vulnerabilities.”

He elaborated that “even if it’s OK now … 3 months from now, it can be compromised because of those vulnerabilities.”

To give an example, he referenced the recently discovered threat in the wild – “BlackLotus”, an evolution of threats based on open-source frameworks – e.g. Lojax, MosaicRegressor, Moon bounce – discovered in the past 3 to 4 years.

He highlighted the characteristics of such threats:

  • These UEFI compromises allow attackers to compromise equipment remotely, for access or persistent malware installation.
  • They cannot be removed by reinstalling operating system or reimaging or even replacing the hard drive.
  • BlackLotus exploitation of the UEFI system vulnerabilities, particularly the Secure Boot – a fundamental security feature adopted by modern operating systems – sets it apart as an advanced threat, marking the first instance of such threats discovered “in the wild.”

He explained that compromising firmware is attractive for threat actors for many reasons:

  • Stay hidden: Detection and protection controls operate at the software application level and above, but there is no equivalent for firmware.
  • Achieve “Persistence” – where traditional mitigation measures cannot remove the malware/threats.
  • Simplicity – for example, exploiting firmware vulnerabilities to gain access is much simpler than developing a very complicated exploit chain.

Gain high privileges – Remain hidden and persistent while gaining high level of privileges.

To mitigate against malicious firmware implants, Yuriy suggested,

  1. assess the supply chain risks (e.g. potential vulnerabilities and threats introduced during procurement and deployment),
  2. continuous monitoring of system integrity,
  3. implement specialized technologies designed for malicious firmware detection.

Recorded at Singapore International Cyber Week / Govware 2023 – 18th October 2023, 3pm.

#mysecuritytv #govware #sicw

OTHER VIDEOS IN THIS SERIES

Astronomers
April 18, 2024
An international team of astronomers has discovered 49 new gas-rich galaxies using the MeerKAT radio telescope in South Africa. Watch Now
apsm_03
April 8, 2024
What are the strategic directions for AI in homeland security. Attending Milipol APAC and TechX Summit 2024, we speak with Physicist and former Yale University Professor, Dimitri Kusnezov, Under Secretary for S&T, US Department of Homeland Security. Watch Now
apsm_01
April 8, 2024
With the rapidly evolving challenges in global travel, trade, and security, we speak to Australian Border Force Commissioner, Michael Outram APM at the Milipol APAC and TechX Summit 2024 in Singapore. Watch Now
apsm
April 2, 2024
Pentera is an automated pentesting platform. Validate every attack surface in your network, and test continuously to maintain control over your true security posture. Be proactive in fixing vulnerabilities, misconfigurations, leaked credentials, and privileges before they are exploited. Watch Now