Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security

Security Industry Incapable of Finding Firmware Attackers 94

Posted by Unknown Lamer from the just-use-coreboot dept.
New submitter BIOS4breakfast writes "Research presented at CanSecWest has shown that despite the fact that we know that firmware attackers, in the form of the NSA, definitely exist, there is still a wide gap between the attackers' ability to infect firmware, and the industry's ability to detect their presence. The researchers from MITRE and Intel showed attacks on UEFI SecureBoot, the BIOS itself, and BIOS forensics software. Although they also released detection systems for supporting more research and for trustworthy BIOS capture, the real question is: when is this going to stop being the domain of research and when are security companies going to get serious about protecting against attacks at this level?"
This discussion has been archived. No new comments can be posted.

Security Industry Incapable of Finding Firmware Attackers More

Security Industry Incapable of Finding Firmware Attackers

Comments Filter:

  • Re:Least interest (Score:4, Informative)

    by Anonymous Coward on Wednesday March 19, 2014 @12:48PM (#46525191)

    Nice try, but it runs in ring 0, so it can jump into the kernel anywhere it wants.

  • Attacks on UEFI... (Score:4, Informative)

    by Obfuscant ( 592200 ) on Wednesday March 19, 2014 @01:00PM (#46525275)
    Would that include "attacks" that allow OSs other than the officially state-approved and certificate-signed ones to be booted. Like that hacker-prone and highly illegal "Linux" thing I've been hearing about? I'm glad that researchers are protecting us against such flim-flammery and obviously dangerous stuff.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close