BIOS Firmware Implementation Vulnerabilities Disclosed at Black Hat

Today’s topics include researchers revealing BIOS firmware implementation flaws at the Black Hat security conference; a report on how antivirus software’s use of the cloud is exposing customers to data exfiltration; Amazon’s second-quarter earnings falling far short of projections; and Cray and Seagate partnering to develop ClusterStor for HPC.

At the Black Hat USA security conference in Las Vega, Alex Matrosov, principal research scientist at Cylance, detailed multiple issues he found in Intel UEFI firmware protections used by major motherboard vendors.

The Unified Extensible Firmware Interface, or UEFI, is typically the lowest level of software that runs on a modern motherboard, helping to boot the system into a ready state for use. Intel has multiple technologies to help secure firmware against attacks, including Boot Guard and BIOS Guard.

In an interview with eWEEK prior to his session, Matrosov said he found at least six vulnerabilities in how the firmware protections were implemented by motherboard vendors. The flaws are not in Intel's firmware security technologies but rather in how vendors used the technology, according to Intel.

Locked down networks with no direct Internet access could still be infected with malware and have data exfiltrated through a brazen technique that uses the environment’s own security software as a channel to the Internet, according to a presentation two researchers delivered at Black Hat USA on July 27.

The technique exploits some antivirus software’s reliance on cloud analysis systems—or sandboxes—to determine if a suspicious program is considered malicious, according to the two researchers, who work for security services firm SafeBreach. The technique is not about infecting a system in a network—it assumes that a system has already been compromised—but about copying data from a system that is not otherwise connected to the internet.

To communicate with attackers’ servers on the Internet, a compromised system could generate throwaway viruses that would get sent to an antivirus system’s cloud, and from there, execute in the sandbox, using one of many types of covert channels to exfiltrate data, the researchers said.

Amazon's second-quarter earnings were a surprising dud July 27, causing some alarmed investors to sell off their shares as the stock price took a hit.

The world's largest online marketplace fell far short of Wall Street analysts' expectations in its second-quarter 2017 report, missing profit forecasts by more than a dollar a share and providing a less-than-robust outlook for the third quarter.

Amazon reported earnings per share of 40 cents, while Wall Street Bloomberg analysts were expecting $1.42 a share, causing a number of investors to divest the stock. In after-the-close trading, the stock was down $29 a share, or nearly 3 percent, to $1,017.

Supercomputer maker Cray is focusing more of its corporate attention on improving data storage for ultra-high-end computing systems. The Seattle-based company revealed July 26 that it has signed an agreement with Seagate, creating a partnership around Seagate’s ClusterStor high-performance storage product line.

Cray will add the ClusterStor product line to its DataWarp and Sonexion storage products and will supply additional development of the ClusterStor product line and support its customers, the company said.

In 2012, Cray became Seagate’s first original equipment manufacturer.