You've Already Been Hacked: What if There Is a Backdoor in Your UEFI OROM?
Unknown
Black Hat USA 2024 · Day 1 · Briefing
This talk, presented by Kazuki Matsuo, delves into the often-overlooked security implications of **Option ROMs (OROMs)** found on PCIe devices. The core premise is that these small, embedded firmware chips can serve as an exceptionally stealthy and powerful vector for sophisticated **UEFI firmware backdoors**. Matsuo investigates the capabilities of such backdoors, the advantages they offer to attackers, and the challenges in defending against them. The research highlights a critical blind spot in current firmware security practices, particularly concerning the supply chain integrity of hardware components.