Firmware Security 101 presented at BSidesLasVegas 2018

by Arpita Biswas,

Summary : More often than not, firmware is seen as an intriguing no man’s land -neither software nor hardware exclusively. However, increasing interest in firmware binaries is challenging their security, which has depended on obscurity for decades. As attackers focus more on them, understanding the fundamentals of firmware become more relevant to be able to defend ourselves better. This talk is derived from my personal experiences of tinkering with firmware without any formal learning in it. It is intended as an introduction for anyone who is interested in firmware security but doesn’t know where to start from.I will talk about:(1) System architecture.(2) Firmware flavors – BIOS and UEFI(3) Attack vectors(4) Defensive approaches.(5) Open source firmware tools.Hopefully, by the end of this talk, the audience will have a big picture of firmware architecture and security measures.