The Apple of Your EFI: Mac Firmware Security Research

Duo Labs / Septem / Rich Smith, Pepijn Bruienne

We are really excited to give a talk at Ekoparty in Buenos Aires on September 29th, 2017 covering some recent research we have done on the security support being given to Apple’s EFI firmware. To accompany the conference talk, we are also releasing a technical paper that goes into greater detail covering the data we collected during our analysis.

In addition to the paper, we’re also pleased to be able to release some of the tooling and APIs we have developed during this work with the aim of helping Apple Mac users and admins get better visibility into the state of the EFI their Mac systems are running and any potential problems there may be.

This blog post summarizes some of the main areas of the research and interesting things we found during our analysis and acts as an accessible introduction to the technical paper which can be downloaded from the link below.

Over the last few months, Duo Labs has been working on a project researching the difference in security support provided by vendors to the firmware in their systems as compared to the software. The term firmware covers a wide range of things in a modern system, so for the sake of this study, we focused on looking at the security support given to EFI firmware.

What’s This EFI Thing and Why Should I Care?

EFI is the pre-boot environment that has, by and large, replaced the legacy BIOS environment that had been common since the mid to late 1970s. Some further information comparing and contrasting certain aspects of BIOS and EFI can be found here.

In a modern system, the EFI environment holds particular fascination for security researchers and attackers due to the level of privilege it affords if compromise is successful.