Alex Matrosov

Alex Matrosov

Alex Matrosov is CEO and Founder of BInarly Inc. where he builds an AI-powered platform to protect devices against emerging firmware threats. Alex has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. He served as Chief Offensive Security Researcher at Nvidia and Intel Security Center of Excellence (SeCoE). Alex is the author of numerous research papers and the bestselling award-winning book Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. He is a frequently invited speaker at security conferences, such as REcon, Black Hat, Offensivecon, WOOT, DEF CON, and many others. Additionally, he was awarded multiple times by Hex-Rays for his open-source contributions to the research community.

The firmware supply-chain security is broken: can we fix it?

Nowadays, it’s difficult to find any hardware vendor who develops all the components present in its products. Many of these components, including firmware, are outsourced to ODMs. As a result, this limits the ability of hardware vendors to have complete control over their hardware products. In addition to creating extra supply chain security risks, this also produces security gaps in the threat modeling process. Through this research, ​we wanted to raise awareness about the risks in the firmware supply chain and the complexity of fixing known vulnerabilities.

The firmware patch cycles last typically around 6-9 months (sometimes even longer) due to the complexity of the firmware supply chain and the lack of a uniform patching process. The 1-day and n-day vulnerabilities in many cases have a large impact on enterprises since the latest firmware update wasn’t installed or the device vendor had not released a patch yet. Each vendor follows their own patch cycle. Even known issues may not be patched until the next firmware update is available.

We decided to build an open-source framework to identify known vulnerabilities in the context of UEFI specifics, classify them based on their impact and detect across the firmware ecosystem with the help of the LVFS project. We will be sharing our approach as well as the tooling we have created to help industry identify the problems and get patched.

The firmware supply-chain security is broken: can we fix it? (Workshop)

Nowadays, it’s difficult to find any hardware vendor who develops all the components present in its products. Many of these components, including firmware, are outsourced to ODMs. As a result, this limits the ability of hardware vendors to have complete control over their hardware products. In addition to creating extra supply chain security risks, this also produces security gaps in the threat modeling process. Through this research, ​we wanted to raise awareness about the risks in the firmware supply chain and the complexity of fixing known vulnerabilities.

The firmware patch cycles last typically around 6-9 months (sometimes even longer) due to the complexity of the firmware supply chain and the lack of a uniform patching process. The 1-day and n-day vulnerabilities in many cases have a large impact on enterprises since the latest firmware update wasn’t installed or the device vendor had not released a patch yet. Each vendor follows their own patch cycle. Even known issues may not be patched until the next firmware update is available.

We decided to build an open-source framework to identify known vulnerabilities in the context of UEFI specifics, classify them based on their impact and detect across the firmware ecosystem with the help of the LVFS project. We will be sharing our approach as well as the tooling we have created to help industry identify the problems and get patched.

Workshop outline:

  • Why it's important to get patched in time, and why your EDR won't help you with compromised firmware?
  • The uefi_r2 scanner details internals (https://github.com/binarly-io/uefi_r2)
    • How semantic code annotations work to bring UEFI codentext for code analysis
    • How to scale uefi_r2 scanner in enterprise infrastructure?
  • Deep dive into FwHunt rules format
    • What is the difference between detecting new and known issues?
    • How does the FwHunt detection work on different layers PEI/DXE/SMM?
  • LVFS integration of uefi_r2 and FwHunt
    • How patch the industry deal with the help of LVFS?
  • Future plans and upcoming updates for FwHunt technology

Open-Source Firmware Foundation - Discussion Round

The Open-Source Firmware Foundation has been founded 6 month ago - we like to look back on the founding process, and like to invite guest to talk about workstreams within the OSFF, and the future of open-source firmware.

Confirmed Guests:

  • Philipp and Chris summarize the past year, trying to bring the foundation to live and solving problems along the way.
  • Alex Matrosov is one of the first individuals leading the security workstream within the Open-Source Firmware Foundation
  • Bryan Cantrill, Co-Founder of Oxide, refers about open-source firmware and the rising importance of OSF within the industry
  • and some more..

Join in on 45 minutes of "behind the scenes" of the OSFF and general talks on why OSF is important. We will shim some light on these topics from an industry point-of-view.

This session will be moderated by 9elements which will guide you through the discussion.