0:02

You're listening to the CyberWire Network

0:04

powered by N2K. The

0:15

word is UEFI. The

0:23

word is UEFI. The

0:32

word is

0:35

UEFI. The

0:38

word is UEFI. The

0:48

word is UEFI or

0:50

System. Example

0:54

sentence. UEFI

0:57

provides enhanced control, security, and

0:59

manageability of the system's start-up

1:01

process. Origin

1:09

and Context. In

1:12

the 1980s, the personal computer boot

1:14

process goes through two stages. A

1:16

power-on self-test or post-hardware phase that

1:19

ensures the necessary components are present

1:21

and functioning properly. And

1:24

a basic input-output system or BIOS

1:26

software phase that tells the CPU

1:28

how to load the operating system.

1:31

By the late 1990s, Intel, the

1:33

chip manufacturer, and other vendors started

1:35

working on ways to add more

1:37

functionality to the BIOS software stage

1:39

and to overcome the limitations of

1:41

the original design. By

1:43

the mid-2000s, hardware and software

1:46

vendors formed the UEFI Forum

1:48

to advance innovation in firmware

1:50

technology standards. The question is,

1:53

what happens if adversaries compromise the

1:55

interface? That situation

1:57

would give malicious teams an almost

1:59

invisible persistence, a

2:01

stealth beachhead, to begin traversing the

2:03

intrusion kill chain. Since

2:05

the boot process runs the UEFI

2:08

program before the operating system loads,

2:10

the traditional endpoint protection solutions

2:13

like antivirus and EDR or

2:15

endpoint detection response can't

2:17

completely eradicate a compromised UEFI

2:19

system. Those prevention controls

2:22

aren't running during the boot process.

2:24

Even after the boot, if they detected

2:26

clues that hackers compromised the interface and

2:29

succeeded in deleting the associated

2:32

artifacts, the compromised UEFI program

2:34

would just reestablish itself at

2:36

the next reboot. There

2:38

are ways to harden the UEFI system

2:40

to reduce the likelihood of compromise, but

2:42

they can't be implemented while the operating

2:44

system is running. That installation

2:46

friction prevents many PC owners from

2:49

deploying them. Nerd

2:57

reference. According to Andy

3:00

Greenberg at Wired Magazine, the

3:02

CIA may have been the first nation

3:04

state to get caught using this technique

3:06

and also prove that some of their

3:08

developers are Dr. Hoofans. The Vault

3:10

7 cache of secret CIA documents

3:13

released by WikiLeaks in March of

3:15

2017 describe a series of hacker

3:17

tools or a UEFI attack. One

3:20

called the Sonic Screwdriver in a nod

3:23

to the British television's long-running sci-fi show

3:26

modified the firmware of a standard

3:28

Apple Thunderbolt to Ethernet adapter that

3:31

tricked a Mac into booting its operating

3:33

system from a spoofed network source that

3:35

the adapter impersonates. According

3:38

to Craig Elby at the Screen Rant

3:40

website, the current iteration of

3:42

the Time Lord's Sonic Screwdriver is

3:44

quote, a weapon, a tool, a

3:46

scanner, and a plot device all

3:48

rolled into one convenient package, unquote.

3:51

But when it was first introduced in 1968, it

3:54

was literally just a screwdriver used by the

3:56

good doctor to repair a broken pipe and

3:59

look like a small metallic pencil with a

4:01

light at the end. With

4:03

all of that said, at least we know that

4:05

somebody in the CIA is a Doctor Who fan.