UEFI Rootkit Detection Framework at Black Hat 2013

6th August 2013 Cambridge, MA Approved for Public Release, Distribution Unlimited ReversingLabs to Present an Open Source UEFI Rootkit Detection Framework at Black Hat 2013 The Black Hat Session on BIOS security will introduce the UEFI Rootkit Detection Framework validated by demonstration of an Apple OSX bootkit.

ReversingLabs, the global leader in static malware analysis tools and services, announced that it would present industry’s first open source Rootkit Detection Framework for UEFI (RDFU) at Black Hat 2013 happening July27 through August 1 in Las Vegas at Caesar’s Palace. The Black Hat conference session will also demonstrate Apple OSX bootkit in order to validate defensive measures of RDFU.

The RDFU project was funded through the DARPA Cyber Fast Track program and developed by ReversingLabs.  This program’s goal is to extend the existing performer base to include non-standard, cutting edge organizations and individuals throughout the cyber community, thereby strengthening the Department of Defense’s (DoD) Cyber Security capabilities.

 “Bootkits that infect UEFI based computers are not detected by today’s tools,” said Mario Vuksan, CEO of ReversingLabs. “These attacks are especially gnarly since they persist even when a computer is re-imaged.  The RDFU provides a comprehensive andextensible toolkit for UEFI bootkit detection.”

UEFI is a fully featured BIOS replacement that supports a wide variety of operating systems that has recently become a very public target for rootkits and malware. Last year at Black Hat 2012, an insightful talk highlighted the real potential for developing UEFI rootkits that are very difficult, if not impossible, to detect and eradicate. Since then, a couple of actual UEFI bootkits have appeared.