Next week, October 4-6, the Virus Bulletin International Conference will be celebrating its twenty-seventh year in Madrid, Spain. Attending the event will be more than 400 delegates from around the world and the world’s leading IT security experts – from academia and vendors, to non-profits and mega corporations. Together, they’ll share their expertise, ideas, and research in cybersecurity.
The Virus Bulletin International Conference will offer three full days of cutting-edge presentations, debates, and panels that cover all aspects of the global threat landscape.
Cylance’s Director for Security Architecture, Aditya Kapoor, will give a talk on UEFI BIOS at this year's event on Wednesday 4 October, 11:30 - 12:00, in the Red room.
Periodic BIOS scanning is not a task that tends to be on an IT administrator’s radar. Even if an IT admin wants to understand the security status of the BIOS, they are ill-equipped to determine it. The impact of an attack against the BIOS is immense, as it gives the attacker a persistent and virtually invisible foothold.
UEFI code is usually written in C and is much less well protected against code exploits, mainly because it has been a less well-researched space. In 2015, Hacking Team's UEFI rootkit showed us that such attacks are indeed feasible. There have also been numerous academic talks showing the feasibility of such attacks.
In my upcoming talk at the Virus Bulletin International Conference, we will start with the basic background of the UEFI BIOS. We will look at the tools and solutions that currently exist for analyzing a UEFI BIOS. We will also discuss current attacks, both theoretical ones and up-to-date ones seen in the wild. Further, we will look into recent technological advances in UEFI security and see why it is important for hardware vendors to pay attention while implementing these features.
Some hardware vendors currently don't pay much attention to BIOS security, which is something that needs to change. Incorrect configurations leave these BIOS implementations open to persistent attacks. As more and more devices start to use UEFI, e.g. routers, storage solutions, and automotive systems, it is vital that we understand the security implications.
Finally, we will demonstrate a live attack, showing the ease of such attacks on the Windows 10 platform, which can be triggered without any physical access to the machine.
Register here for Aditya's talk at the Virus Bulletin International Conference.
About Aditya Kapoor
Aditya is the Director for Security Architecture at Cylance. He is passionate about creating next-generation product features. His primary interests are firmware security, analyzing current threat trends and finding practical engineering solutions for them. He has published and presented at AVAR, Virus Bulletin, CARO, and IEEE Computer Society International Conference on Information Technology: Coding and Computing. Previously, Aditya worked at McAfee Labs for ten years as Research Architect. He holds a master's degree in computer science from the University of Louisiana at Lafayette.