Brian Vagnoni on 8 Oct 2007 03:15:36 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] More DefCon 15 Stuff Hacking The Extensible Firmware Interface


Again this isn't me just sharing the information:

Hacking The Extensible Firmware Interface
by John Heasman; NGSSoftware

"Macs use an ultra-modern industry standard technology called EFI to handle booting. Sadly, WinXP, and even Vista, are stuck in the 80's with old-fashioned BIOS. But with the Boot Camp, the Mac can operate smoothly in both centuries." - Quote taken from http://www.apple.com/macosx/bootcamp/

The extensible Firmware Interface (EFI) has long been touted as the replacement for the traditional BIOS and was chosen by Apple as the pre-boot environment for Intel-based MACs. This presentation explorers the security implications of EFI on firmware based rootkits.

We start the discussing the limitations of the traditional BIOS and the growing need for an extensible pre-boot environment . We also cover the key components of the EFI Framework and take a look at the fundamentals design decisions affecting the EFI and their consequences. Next we consider the entry points that an EFI system exposes - just how an attacker may set about getting their code into the EFI environment - taking the Apple MACBook as our reference implementation.

After demonstrating several means of achieving the above, we turn our attention to subverting the OS from below, drawing parallels wherever possible to attacks against systems running a tradition BIOS.

The final part of this presentation discusses the evolution of EFI into the Unified Extensible Firmware Interface (UEFI), soon to be supported by Windows Server (Longhorn) and discusses the application of the previously discussed attacks to UEFI.

http://video.google.com/videoplay?docid=2266957057236846371&hl=en

You get a video this time at the above link cause I couldn't find the slides.

Brian Vagnoni


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug