HOPE X (2014): "Bootkits: Step-by-Step"
Sunday, July 20, 2014: 12:00 pm (Olson): The Basic Input/Output System (BIOS) is firmware that boots older machines. The Unified Extensible Firmware Interface (UEFI) is a combination of firmware and a boot-loader that boots newer machines. As a result of the leaks by Edward Snowden, the possible existence of rootkits that can affect the BIOS and UEFI has been widely reported. Both of these technologies exist in memory that is not typically accessible remotely, which makes infection particularly difficult. That memory is difficult even for the operating system to reach, which also makes detecting an infection at this level a difficult problem. This talk will explore all of the steps that need to take place in order to accomplish this feat, review creative measures malware has taken to tackle these problems, and review methods for detection of these kinds of infections.