Newsletter Q3 2018 - fwaudit releases, e-book, Black Hat, proactive firmware evaluation

August 6, 2018

fwaudit updates

Our open source firmware security tool released in March at UEFI Plugfest has some updates, now tagged as release 0.0.2. We’ve made some bugfixes, added support for an Intel AMT vulnerability test and cleaned up the code.

We still consider this code “PRE ALPHA” and we’ll let you know when it is starting to be more useful and have fewer known defects.

Syslog support under Linux is working in this release, and we think that is an important milestone for enterprise use - assuming you have centralized syslog aggregation in place. Do you? We’d like to know.

We’d also like to know what are the next most important features to you for a firmware security automation tool.

We have dedicated email lists for fwaudit, both -announce and -discuss. Sign up here:

fwaudit-announce:

https://lists.preossec.com/mailman/listinfo/fwaudit-announce_lists.preossec.com

fwaudit-discuss: https://lists.preossec.com/mailman/listinfo/fwaudit-discuss_lists.preossec.com

E-Book Released

After a long wait, we’re proud to announce that the e-book: “Platform Firmware Security Defense for Enterprise System Administrators and Blu Teams” is released.

We decided to license the book CC BY-NC-SA, so we will publish the source and build files directly on Github (https://github.com/PreOS-Security/) once we’ve tidied them up a bit. Once it is on Github, you’ll be able to submit pull requests. Until then, email [email protected] with feedback.

If you have trouble with the email attachments, you can download them from an unlinked URL on our corporate site:

https://preossec.com/products/ebook-download

Black Hat USA 2018

Are you going to Black Hat? We’ll be doing a demo of the new release and improvements to our open source firmware security software fwaudit at the Arsenal Tools Demo. We’d love to meet up with you!

https://www.blackhat.com/us-18/arsenal/schedule/index.html#firmware-audit-platform-firmware-security-automation-for-blue-teams-and-dfir-11359

Contact both of us at:

[email protected]

New Proactive Single Make/Model/Revision Firmware Security Evaluation

We’re both pretty excited to offer a new report. Ship us any single make / model / revision of hardware, we’ll do an in-depth firmware security report. Use this report to inform purchasing decisions, system security positioning, and improve IT procedures such as firmware updates and incident response.

We will lead by posting example reports to this https://firmwaresecurity.com, in sections as (tagged!) blog posts, for:

  • Lenovo Carbon X1 6th Generation

  • Dell XPS 13 9370 (Early 2018)

Once we’re done, you’ll be able to access the full reports as a pdfs on the corporate site:

https://preossec.com/services/single-variant-firmware-security-report/

$500 USD.

We will run all publicly available firmware and hardware vulnerability tools and check version numbers, for known issues such as:

  • Intel AMT

  • Intel ME

  • AMD PSP

  • Spectre

  • Meltdown

  • Microcode

  • Rowhammer

We’ll include a comprehensive list of firmware on the system, and highlight potential issues such as:

  • Closed source binary blobs

  • Modifiable firmware

  • How it can be modified (eg: desoldering and flashing chips, JTAG, I2C, etc)

  • Compliance with applicable NIST standards

  • Tools, updates and support availability from component manufacturer, and OEM

  • We will look for operational support, such as signed firmware updates via Windows update and Linux Vendor Firmware Service (aka: fwupd).

We will make recommendations if this system should not be used in sensitive areas such as:

  • Executives (CEO, CTO, etc)

  • Finance

  • Legal

  • Critical Infrastructure

  • DOD

  • PCI

  • HIPAA