Nowadays it is difficult to find any hardware vendor who develops all the components present in their platform. A large part of the platform, firmware included, is outsourced to OEMs. That creates additional complexity and limits the hardware vendor's control over the platform. It creates not only supply chain security risks but also produces security gaps in the threat modeling process by design.
In most cases the hardware vendor defines a separate threat model and separate security boundaries for each hardware component present on the platform, but in reality this approach misses a lot of details, and those gaps are directly reflected in platform security. This talk will look, through the prism of the security problems and vulnerabilities they cause, at those architectural design mistakes.
Alex Matrosov is a well-recognized offensive security researcher. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Alex served as Senior Principal Security Researcher at Nvidia and at the Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers, and is a frequent speaker at security conferences, including REcon, Zeronights, Black Hat, DEFCON, and others. Additionally, he received an award from Hex-Rays for the open-source plugin HexRaysCodeXplorer, which has been developed and supported since 2013 by REhint's team.