The Stakes Are Raised When Protecting the Foundation of Computing – Scott Scheferman – PSW #705
With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late.
https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov https://eclypsium.com/2021/06/24/biosdisconnect/ https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/ https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/
This segment is sponsored by Eclypsium.
Visit https://securityweekly.com/eclypsium to learn more about them!
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.