Binarly CEO to Present Cross-Silicon Firmware Vulnerabilities Affecting Ecosystems of Intel, AMD, and Qualcomm
LOS ANGELES, California - May 03, 2023 - Binarly Inc., providers of the industry’s first AI-powered firmware protection platform, will present groundbreaking research at several upcoming events to expose cross-silicon firmware vulnerabilities affecting Intel, AMD and Qualcomm ecosystems.
Binarly chief executive officer and head of research Alex Matrosov will take the stage to present a lecture on the future of advanced threats at the University of Southern California (USC) Information Sciences Institute.
In the scheduled guest lecture, Matrosov will discuss how the growth in firmware and OS complexity over the last few years has given attackers a sweet spot to maintain stealthy persistence, undetected by modern security solutions.
The lecture will focus on how we can improve the situation as defenders, and the areas of security research that will be crucial to help the industry to recover from repeatable failures in firmware security.
The Binarly CEO will also join the Black Hat Asia stage with a presentation titled “The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust” and a call for the industry to embrace transparency and visibility in the face of a supply chain security crisis.
The Black Hat Asia presentation will include a deep dive on the multiple levels of complexity in the UEFI firmware ecosystem and supply chain taxonomy and how the updating realities are allowing attackers to use already known vulnerabilities (N-days) in their arsenal. The talk will also cover silicon vendor reference code vulnerabilities and the major downstream impact being observed, as well as new firmware attack vectors from the perspective of attacking the operating system or hypervisor.
At the Qualcomm Product Security Summit, Matrosov will present a talk titled “A dark side of UEFI: The same classes of vulnerabilities affect multiple silicon ecosystems.” This presentation is an extension of Binarly’s research in January 2023 that included the disclosure of multiple vulnerabilities affecting Qualcomm reference code and impacting a wide range of device vendors and IBVs.
This was the first public disclosure in the history of the UEFI specification related to the ARM device ecosystem and showed some of the attacks and classes of bugs affecting both ARM and x86 devices. During this session, which is also scheduled for Offensivecon 2023, Matrosov will discuss the different aspects of unification of firmware development with frameworks like UEFI and the security implications from the attacker and defender perspectives.
The technical research and vulnerability findings are pivotal parts of the Binarly Transparency Platform, a solution that provides unprecedented transparency for device supply chains. The AI-powered platform enables device manufacturers and endpoint protection products to comprehensively analyze both firmware and hardware to identify vulnerabilities, misconfigurations, and malicious code implantation.
Founded in 2021, Binarly brings decades of research experience identifying hardware and firmware security weaknesses and threats. Based in Pasadena, California, Binarly’s agentless, enterprise-class AI-powered firmware security platform helps protect from advanced threats below the operating system. The company’s technology solves firmware supply chain security problems by identifying vulnerabilities, malicious firmware modifications and providing firmware SBOM visibility without access to the source code. Binarly’s cloud-agnostic solutions give enterprise security teams actionable insights, and reduce the cost and time to respond to security incidents.