LABScon Replay | Spectre Strikes Again: Introducing the Firmware Edition

We Keep you Connected

LABScon Replay | Spectre Strikes Again: Introducing the Firmware Edition

The excitement surrounding speculative execution attacks may have subsided, but sadly, such threats remain. Binarly Research has discovered a vast attack surface still vulnerable to known issues like Spectre v1 and v2 on AMD silicon. Ineffective mitigations and the complexity of validation negatively impact the AMD device ecosystem.
While the industry is currently concentrating on constructing confidential computing infrastructure, foundational design problems reveal a lack of basic security at the hardware level. This discovery was made possible due to the asynchronous nature of firmware and hardware security fixes development.
Throughout their lifecycle, devices are susceptible to security issues due to the asynchronous nature of firmware security fixes delivery from multiple parties and the asynchronous nature of the supply chain. The lack of transparency in vendor security advisories results in an opaque channel for informing customers about the criticality of released security fixes and leads to varying approaches to patching widespread vulnerabilities with industry-wide implications.
Even major silicon vendors develop mitigations for side-channel attacks differently. This situation presents an opportunity for potential threat actors to exploit known speculative attacks like the 5-year-old Spectre or the 1-year-old Retbleed. A new perspective is needed to construct an attack vector that utilizes speculative attacks to target UEFI-specific firmware vulnerabilities.
In this presentation, we discuss our research into the potential use of speculative attacks against the System Management Mode (SMM) on AMD-based devices and outline the methodologies we employed throughout our research investigation.

Alex Matrosov is CEO and Founder of Binarly Inc. where he builds an AI-powered platform to protect devices against emerging firmware threats. He is the author of numerous research papers and the book Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. He is a frequently invited speaker at security conferences, such as REcon, Black Hat, Offensivecon, WOOT, DEF CON, and many others.
This presentation was featured live at LABScon 2023, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLabs.
Get notified when we post new content.
Thanks! Keep an eye out for new content!
In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances of operating as elite corporate espionage teams.
Get notified when we post new content.
Thanks! Keep an eye out for new content!