UEFI Rootkit Detection Framework at Black Hat 2013

UEFI Rootkit Detection Framework at Black Hat 2013

ReversingLabs, the global leader in static malware analysis tools and services, announced that it would present industry’s first open source Rootkit Detection Framework for UEFI (RDFU) at Black Hat 2013 happening July27 through August 1 in Las Vegas at Caesar’s Palace. The Black Hat conference session will also demonstrate Apple OSX bootkit in order to validate defensive measures of RDFU.

The RDFU project was funded through the DARPA Cyber Fast Track program and developed by ReversingLabs.  This program’s goal is to extend the existing performer base to include non-standard, cutting edge organizations and individuals throughout the cyber community, thereby strengthening the Department of Defense’s (DoD) Cyber Security capabilities.

 “Bootkits that infect UEFI based computers are not detected by today’s tools,” said Mario Vuksan, CEO of ReversingLabs. “These attacks are especially gnarly since they persist even when a computer is re-imaged.  The RDFU provides a comprehensive andextensible toolkit for UEFI bootkit detection.”

UEFI is a fully featured BIOS replacement that supports a wide variety of operating systems that has recently become a very public target for rootkits and malware. Last year at Black Hat 2012, an insightful talk highlighted the real potential for developing UEFI rootkits that are very difficult, if not impossible, to detect and eradicate. Since then, a couple of actual UEFI bootkits have appeared.

 To combat this new threat, ReversingLabs developed RDFU that incorporates a unified set of tools that address this problem across a wide spectrum of UEFI implementations. RDFU implementations address MacOS, Windows, VMWare and VirtualBox bootkits.

 Note: The views expressed are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government.

More News