Cyber Security Weekly Podcast

Episode 387 - Digital Devices at Risk – Understanding and Countering Firmware Threats


Listen Later

Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company that helps organizations protect their critical hardware, firmware, and software.


Prior to Eclypsium, Yuriy was Chief Threat Researcher and led the Microprocessor Security Analysis team at Intel Corporation, as well as the Advanced Threat Research team at Intel Security.


He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework.


When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk.


Since then Eclypsium has been on a mission to protect devices from supply chain risks.


In this interview, Yuriy highlights the potential vulnerabilities in the firmware (software running the hardware) in today’s digital devices, and the risk posed by threat actors.


Using a typical PC as an example, which involves contributions from over 265 suppliers, each with its components and code, he notes the ubiquity of software, and liken the supply chain of such a device to a “Wild West”:


“at any point in the supply chain, at any of those links in the supply chain, a compromise may happen”, and “ all of these components and all the code that is developed by those suppliers and vendors has vulnerabilities.”


He elaborated that “even if it's OK now … 3 months from now, it can be compromised because of those vulnerabilities.”


To give an example, he referenced the recently discovered threat in the wild – “BlackLotus”, an evolution of threats based on open-source frameworks – e.g. Lojax, MosaicRegressor, Moon bounce - discovered in the past 3 to 4 years.


He highlighted the characteristics of such threats:

• These UEFI compromises allow attackers to compromise equipment remotely, for access or persistent malware installation.

• They cannot be removed by reinstalling operating system or reimaging or even replacing the hard drive.

• BlackLotus exploitation of the UEFI system vulnerabilities, particularly the Secure Boot - a fundamental security feature adopted by modern operating systems - sets it apart as an advanced threat, marking the first instance of such threats discovered "in the wild."


He explained that compromising firmware is attractive for threat actors for many reasons:

• Stay hidden: Detection and protection controls operate at the software application level and above, but there is no equivalent for firmware.

• Achieve "Persistence" - where traditional mitigation measures cannot remove the malware/threats.

• Simplicity – for example, exploiting firmware vulnerabilities to gain access is much simpler than developing a very complicated exploit chain.

• Gain high privileges – Remain hidden and persistent while gaining high level of privileges.


To mitigate against malicious firmware implants, Yuriy suggested,

(a) assess the supply chain risks (e.g. potential vulnerabilities and threats introduced during procurement and deployment),

(b) continuous monitoring of system integrity,

(c) implement specialized technologies designed for malicious firmware detection.


Recorded at Singapore International Cyber Week / Govware 2023 – 18th October 2023, 3pm.

#mysecuritytv #govware #sicw

...more
View all episodesView all episodes
Download on the App Store

Cyber Security Weekly PodcastBy MySecurity Media

  • 3.9
  • 3.9
  • 3.9
  • 3.9
  • 3.9

3.9

19 ratings


More shows like Cyber Security Weekly Podcast

View all
Security Now (Audio) by TWiT

Security Now (Audio)

1,976 Listeners

Risky Business by Patrick Gray

Risky Business

365 Listeners

Future Tense by ABC listen

Future Tense

73 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

366 Listeners

Politics Now by ABC listen

Politics Now

104 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Click Here by Recorded Future News

Click Here

412 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,879 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

166 Listeners

If You're Listening by ABC listen

If You're Listening

313 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

A Bit of Optimism by Simon Sinek

A Bit of Optimism

2,186 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

The TED AI Show by TED

The TED AI Show

46 Listeners