In a previous blog covering one of Binarly’s presentations at the Black Hat 2022 conference, we discussed in detail our research on attacks that disable Windows Management Instrumentation (WMI) and blind an entire class of endpoint security solutions. We introduced a template for attacks, dubbed ‘one-bit change attack’, on objects residing inside the WMI service address space. We also demonstrated another way to disable WMI by isolating the WMI service from the rest of the operating system through a sandboxing attack.

Only two months have passed since our Black Hat talk where we spoke about a bunch of discovered vulnerabilities. Our presentation at Black Hat revealed 12 serious vulnerabilities affecting enterprise devices industry-wide. The Binarly security research team continues to find evidence of repeatable failures in the firmware development ecosystem, exposing critical vulnerabilities that impact the entire industry rather than just a single vendor.

The Binarly security research team continues to find evidence of repeatable failures in the firmware development ecosystem, exposing critical vulnerabilities related to the ecosystem that impact the entire industry rather than just a single vendor.

The Binarly security research team has had a busy year finding, documenting and helping to fix high-impact vulnerabilities affecting multiple enterprise vendors. In this blog, we provide an in-depth look at some of the vulnerabilities we discussed at the Black Hat 2022 conference affecting HP EliteBook devices.

At the beginning of December, Binarly was very active in spreading the word about the problems in the firmware supply chain ecosystem at multiple security conferences. Alex Matrosov, the Binarly CEO, gave a keynote entitled “The Evolution of Threat Actors: Firmware is the Next Frontier” at AVAR conference in which he focused on the evolving threats coming from historically overlooked places below the operating system.