7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
July 24, 2017
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc9934a48852bf133/64f0d85dbe82846cd5cbe7ba/01-hardware.jpeg?width=700&auto=webp&quality=80&disable=upscale)
When enterprises build their security models based on implied trust at the hardware and firmware level, they're building them on a foundation of sand. Security researchers are going to repeatedly hammer that lesson home at Black Hat this week as they demonstrate a range of vulnerabilities, attack techniques and tools designed to get as close to the bare metal of systems as possible.
"Researchers have started really challenging the assumptions that we have about the security of platforms and digging into that," says Stefano Zanero, a researcher and associate professor at Politecnico di Milano, as well as a Black Hat review board member. "These are the very basic hardware-related features of our computers — they are things that a very, very limited amount of people have been looking into for decades, but they are growing in importance right now."
It's a dangerous category of flaws as they tend to render protections higher up the platform stack completely moot. Exploiting low-level vulnerabilities in hardware, firmware and instruction sets makes it possible for attackers to quietly and persistently take full control over even the most well-patched and defended devices.
Here are the talks most likely to make waves this week.
Wednesday, July 26 | 11:15am-12:05pm | Mandalay Bay CD
Speakers: Anna Trikalinou, Dan Lake
A pair of researchers from Intel will demonstrate a virtually undetectable direct memory access attack that takes advantage of a flaw in DIMM design and can be perpetrated if attackers have physical access to a device. They'll show how this technique gives attackers the ability to read and modify the memory content of machines in a sleep state without any special ports or invasive hardware modifications.
Thursday, July 27 | 5:00pm-6:00pm | Mandalay Bay EF
Speaker: Christopher Domas
A senior researcher with the Battelle Memorial Institute will dig deep into a smorgasbord of new flaws in the x86 chipset, including machine instructions, software bugs, hypervisor flaws and hardware flaws. Alongside that, he'll release a new toolset for hacking processors and give the audience some tips on techniques for using it.
Wednesday, July 26 | 2:40pm-3:30pm | Lagoon DEFJKL
Speakers: Andrew Furtak, Mikhail Gorobets, Oleksandr Bazhaniuk, Yuriy Bulygin
A team of researchers with McAfee examined how low-level firmware flaws on Windows 10 systems can break the hypervisor-based isolation that this operating system uses to protect itself. They'll provide details about the discoveries they made that allowed them to easily compromise Virtualization Based Security (VBS).
Wednesday, July 26 | 1:30pm-2:20pm | Mandalay Bay EF
Speakers: Amir Etemadieh, CJ Heres, Khoa Hoang
Hardware hacking has been a notoriously difficult thing to carry out without a lot of funding for a fully fleshed-out lab. But virtualization has democratized things quite a bit, putting research in the hands of individual researchers without deep pockets. This group of researchers is going to show just how within reach things can get by sharing their hacking methods using a standard $10 SD card reader.
Thursday, July 27 | 2:30pm-3:20pm | Lagoon DEFJKL
Speakers: Bruce Monroe, Rodrigo Branco, Vincent Zimmer
Representatives from the Intel Product Security Incident Response Team (PSIRT) plan to get under the hood with technical details from over 90 security vulnerabilities in BIOS/UEFI platform firmware handled by PSIRT in recent years. The lessons they'll dredge up from their analysis will make it clear that BIOS and UEFI are providing attackers with easy ways to escalate privileges, escape security sandboxes and establish persistent control over machines.
Thursday, July 27 | 5:00pm-6:00pm | South Seas ABE
Speaker: Alex Matrosov
With HackingTeam and state-sponsored attackers tipping their hands about how much they value vulnerable firmware for their attacks, security defenders are starting to get wise. But technologies like Intel Boot Guard and BIOS Guard that are meant to thwart UEFI rootkits still suffer from weaknesses. This researcher from Cylance will explain what he's discovered through probing reverse engineering efforts.