This talk is going to be all about how the automation of BIOS vulnerability exploitation and leveraging of built-in capabilities can yield highly portable UEFI firmware malware. And how millions of systems will be vulnerable for years, because no one cares enough to patch the BIOS bugs we’ve found.
So you think you’re doing OPSEC right, right? You’re going to crazy lengths to protect yourself, reinstalling your main OS every month, or using a privacy-conscious live DVD like TAILS. Guess what? BIOS malware doesn’t care! BIOS malware doesn’t give a shit!
Despite us disclosing numerous BIOS vulnerabilities, many people still doubt the feasibility of widespread BIOS infections. As newly independent researchers, with no need to get public release approvals, we can now combat that fallacy in the most direct fashion: live demonstrations of BIOS infection across multiple vendors’ machines! We’re not yet spreading via #badUSB, but stay tuned. ; )