Are You Giving Firmware Attackers a Free Pass?

Abstract

Yes. Yes you are. Because you’re not patching away the vulnerabilities we and others have found and disclosed, and you’re not inspecting whether anyone has infected your firmware. This talk provides an introduction to firmware threats & capabilities. But because it is longer than previous talks like “Betting BIOS Bugs Won’t Bite Y’er Butt?”, a special emphasis is placed on including actions organizations can take immediately to mitigating firmware vulnerabilities and infections, above and beyond patching.