In recent days, the topic of UEFI firmware security is very hot. There is a long list of publications that have appeared over the last few years discussing disclosed vulnerabilities in UEFI firmware. These vulnerabilities allows an attacker to compromise the system at one of the most privileged levels and gain complete control over the victim’s system. In this presentation, authors will take a look at the state of the art attacks against UEFI firmware from practical point of view and analyze applicability of disclosed attacks in real life scenarios: whether these vulnerabilities can be easily used in real-world rootkits (OS-SMM-SPI Flash).
by Alex Matrosov and Eugene Rodionov
Full Abstract & Presentation Materials: