Hardening hardware and choosing a #goodBIOS

Clean boot every boot - rejecting persistence of malicious software and tripping up the evil maid

Video duration: 00:47:45
Language: English
Abstract
A commodity laptop is analyzed to identify exposed attack surfaces and is then secured on both the hardware and the firmware level against permanent modifications by malicious software as well as quick drive-by hardware attacks by evil maids, ensuring that the machine always powers up to a known good state and significantly raising the bar for an attacker who wants to use the machine against its owner.

Commodity computers by design include attack vectors that allow malicious software and attackers who gain brief physical access, so-called evil maids, to take full control over the machine without the owner ever noticing.

The presentation briefly enumerates well-known attacks such as remote DMA over IEEE 1394/FireWire, BIOS bootkits, AMT and closed-source operating system updates to arrive at a problem statement, and moves on in search of solutions which can block the attacks completely or at least hinder them from becoming persistent, starting a layer below them all, with the schematic of a laptop mainboard.

A few relatively simple hardware modifications are identified, which together with the coreboot #goodBIOS firmware prevent two entire classes of attacks.

The result is a machine which always powers up in a known good state and which must be under attacker control for 20 minutes in order to be compromised, rather than just 20 seconds.

In closing, the presentation starts a discussion about what we can do to address this problem, which exists in every single computer on the market, on a larger scale.

Talk ID: 5529
Event: 30C3
Day: 1
Room: Saal 2
Start: 6:30 p.m.
Duration: 01:00:00
Track: Security & Safety
Type of: lecture
Speaker: Peter Stuge
Talk Slug & media link: 30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge
Last revision: 2 years, 2 months ago