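When enterprises build their security model on trust at the hardware and firmware level, they are simply building castles on sand. This week, security researchers will hammer on this point repeatedly at Black Hat, presenting a series of vulnerabilities, attack techniques and tools, all aimed at getting as close as possible to the core of the system, says Zanero, a researcher and associate professor at Politecnico di Milano and a member of the Black Hat review board.
"Researchers have begun to really challenge our assumptions about platform security and to explore them in depth,"
"These are the most basic hardware features in our computers. A very, very limited group of people has been paying attention to them for decades, but now these hardware features are becoming more and more important."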
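This is a dangerous class of vulnerability, because it renders the security protections in the layers above completely meaningless. By exploiting low-level flaws in hardware, firmware and instruction sets, an attacker can quietly and persistently take full control of even fully patched and hardened devices.
Here are the most substantial items of the week.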
Taking DMA Attacks To The Next Level: How To Do Arbitrary Memory Reads/Writes In A Live And Unmodified System Using A Rogue Memory Controller
Wednesday, July 26 | 11:15am-12:05pm | Mandalay Bay CD
Speakers: Anna Trikalinou, Dan Lake
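Two researchers from Intel will demonstrate an almost undetectable direct memory access attack that exploits a flaw in DIMM design and can be carried out by an attacker who has physical access to a device. They will show how the technique lets an attacker read and modify the memory contents of a machine in a sleep state, without any special port or invasive hardware modification.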
Breaking The x86 Instruction Set
Thursday, July 27 | 5:00pm-6:00pm | Mandalay Bay EF
Speaker: Christopher Domas
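A senior researcher from Battelle Memorial Institute will dig into new flaws in x86 chipsets, including machine instructions, software bugs, hypervisor flaws and hardware defects. He will also release a new processor hacking tool and show the audience some techniques for using it.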
Fractured Backbone: Breaking Modern OS Defenses With Firmware Attacks
Wednesday, July 26 | 2:40pm-3:30pm | Lagoon DEFJKL
Speakers: Andrew Furtak, Mikhail Gorobets, Oleksandr Bazhaniuk, Yuriy Bulygin
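A group of researchers from McAfee studied low-level firmware vulnerabilities on Windows 10 systems and will demonstrate breaking the operating system's Hyper isolation mechanism. They will provide details showing how easily virtualization-based security (VBS) can be broken. (In June of this year, virtualized hypervisor malware appeared, and researchers said that no system meets data security standards.)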
Hacking Hardware With A $10 SD Card Reader
Wednesday, July 26 | 1:30pm-2:20pm | Mandalay Bay EF
Speakers: Amir Etemadieh, CJ Heres, Khoa Hoang
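Hardware hacking is notoriously difficult without a lot of money, let alone a complete lab. But virtualization has changed that, and individual researchers are now becoming able to do in-depth research. This group of researchers will show how far their hacking methods can go using a standard $10 SD card reader.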
Firmware Is The New Black - Analyzing Past Three Years Of BIOS/UEFI Security Vulnerabilities
Thursday, July 27 | 2:30pm-3:20pm | Lagoon DEFJKL
Speakers: Bruce Monroe, Rodrigo Branco, Vincent Zimmer
Representatives from the Intel Product Security Incident Response Team (PSIRT) plan to get under the hood with technical details from over 90 security vulnerabilities in BIOS/UEFI platform firmware handled by PSIRT in recent years. The lessons they'll dredge up from their analysis will make it clear that BIOS and UEFI are providing attackers with easy ways to escalate privileges, escape security sandboxes and establish persistent control over machines.
Betraying The BIOS: Where The Guardians Of The BIOS Are Failing
Thursday, July 27 | 5:00pm-6:00pm | South Seas ABE
Speaker: Alex Matrosov
With HackingTeam and state-sponsored attackers tipping their hands about how much they value vulnerable firmware for their attacks, security defenders are starting to get wise. But technologies like Intel Boot Guard and BIOS Guard that are meant to thwart UEFI rootkits still suffer from weaknesses. This researcher from Cylance will explain what he's discovered through probing reverse engineering efforts.
Evilsploit – A Universal Hardware Hacking Toolkit
Wednesday, July 26 | 4:00pm-4:50pm | South Seas CDF
Speakers: Chui Yew Leong, Mingming Wan
Speaking of reversing, this pair of Chinese researchers is hoping to help hardware hackers put their attacks on rails with a new tool that's designed to speed the identification and manipulation of provisioning ports and potentially automate the process of accessing debugging and dumping firmware for further exploration. This tool is designed to help with all manner of signal analysis, side-channel analysis and fault injection.