[Note: We’re going to try and post a blog entry for major firmware vulnerabilities that impact enterprises, and the recent Intel AMT vulnerability seems like a good place to start.] Technology Overview: Quoting Wikipedia, “Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, in order to monitor, maintain, update, upgrade, and repair them. Out-of-band (OOB) or hardware-based management is different from software-based (or in-band) management and software management agents.” Intel AMT is a firmware technology that runs on the Intel ME processor.
We are offering a training at LOPSA Cascadia IT Conference on Friday March 10th in Seattle, titled “Defending System Firmware.” Register for the conference here: https://www.casitconf.org/casitconf17/register-now/ This is our first hands-on training, where you’ll be running the tools yourself, and we will see live test results. Most enterprises only defend operating system and application software; system and peripheral firmware (eg., BIOS, UEFI, PCIe, Thunderbolt, USB, etc) has many attack vectors. This workshop targets enterprise system administrators responsible for maintaining the security of their systems.
I attended LISA 2016 in Boston primarily to staff the exhibit hall booth for the League of Professional System Administrators (LOPSA, http://lopsa.org). While I was there I took advantage of the opportunity to talk to a large number of system and network administrators, devops, system engineers and other IT professionals. Unsurprisingly, as a group USENIX attendees were fairly aware of firmware security issues, and various exploits that have been mentioned at security oriented conferences.
Hear our CTO, Lee Fisher speak at BSides PDX Lee Fisher will be giving a talk at BSides PDX on Saturday morning, October 15. His talk is in the track “Security & Usability for *Ops” moderated by Marie VanCleave. Lee has presented at BSides PDX before, giving a multi-hour tutorial on various firmware security tools. This year his talk is titled “Firmware tools for Security Researchers.” Be sure and attend to get current information on firmware level tools and how to use them.
Welcome to the PreOS Security Blog The personal blog of our CTO, Lee Fisher will probably be well known to many of you: http://firmwaresecurity.com . All of us, including Lee will be blogging in this space on topics aimed more directly at our customers and and partners. Perhaps the first question worth considering - what do you mean by firmware security? While our tools often run at the Operating System level, PreOS is working, as the name implies below the level of the Operating System most of the time.