Hey all! Our next Duo Tech Talk will be from Rich Smith and Pepijn Bruienne from our Duo Labs team. They'll be talking about some recently published research on Apple's EFI security. Consistent EFI patching of vulnerabilities is a challenge for many OEMs, but Apple's vertical platform integration should theoretically enable it to do a better job than others. As usual, reality turns out to be a bit more complicated. :-)
Note: The talk will not be at the usual Duo office in Ann Arbor. It will be at our second A2 office at 130 S First St in our new venue space. Parking is available at any of the adjacent structures/lots.
The Apple of Your EFI: An Analysis of the State of Apple’s EFI Security Support
Duo Labs conducted an extensive data analysis of the state of Apple’s EFI security from two main perspectives. The first was an analysis of every EFI update released by Apple from OS X[masked] through macOS[masked], to fully characterize the security support provided across different Mac models and OS versions; this also provided a baseline for the state Mac systems should be expected to be in. The second was an analysis of over 73,000 real-world Mac systems, comparing the actual state of their EFI firmware against that expected state. Our findings cover a range of anomalies and security issues in the EFI security support Apple provides. More worryingly, our analysis shows significant deviations between the real-world state of EFI firmware on Macs and the expected state, which leads us to suspect a more systemic issue causing the EFI firmware that is supposed to be installed automatically alongside an OS update to fail to install. In addition to the data analysis, our research shines a light on the mechanisms used to update Apple EFI itself: we discuss how Apple’s EFI updater tools operate and the controls they have in place. These insights come from binary analysis of the tools themselves and, we believe, have not been discussed in detail until now. Alongside our findings, published as a technical paper, we are also releasing tools and APIs to give admins and end users far greater visibility into the state of the EFI firmware on their Apple systems and the security implications it may carry.
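One way to carry out the expected-versus-actual comparison the abstract describes, written here as an added example in Python (not Duo Labs' released tooling and not code from this page): it parses a constructed `system_profiler SPHardwareDataType` dump, checks the reported Boot ROM version against a hypothetical per-model baseline table, and reports whether the firmware is current, outdated, or built for a different model family. The Boot ROM version layout (`<prefix>.<version>.B<build>`), the baseline values and the sample output are all assumptions made for the example.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample of `system_profiler SPHardwareDataType` output. It is an
# assumption that the real tool prints "Model Identifier" and "Boot ROM Version"
# lines in this shape; the values below are made up for the example.
SAMPLE_PROFILER_OUTPUT = """\
Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro13,2
      Processor Name: Intel Core i5
      Boot ROM Version: MBP132.0226.B25
      SMC Version (system): 2.37f20
"""

# Constructed baseline: model identifier -> Boot ROM version the model should
# carry after the latest update. Hypothetical values, not Apple's release data
# and not Duo Labs' dataset.
EXPECTED_BOOT_ROM = {
    "MacBookPro13,2": "MBP132.0233.B00",
    "MacBookPro11,4": "MBP114.0184.B00",
    "iMac17,1": "IM171.0105.B16",
}

# Assumed Boot ROM version shape: <model prefix>.<4-digit version>.B<2-digit build>
BOOT_ROM_RE = re.compile(r"^(?P<prefix>[A-Z]+\d+)\.(?P<version>\d{4})\.B(?P<build>\d{2})$")


class BootRom(NamedTuple):
    prefix: str
    version: int
    build: int

    def key(self):
        # Ordering used for "is this firmware older?": version first, then build.
        return (self.version, self.build)


def parse_boot_rom(text: str) -> Optional[BootRom]:
    """Parse a Boot ROM version string; None if it does not match the assumed shape."""
    m = BOOT_ROM_RE.match(text.strip())
    if not m:
        return None
    return BootRom(m["prefix"], int(m["version"]), int(m["build"]))


def profiler_field(output: str, name: str) -> Optional[str]:
    """Pull the value of a '<name>: value' line out of system_profiler text output."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", output, re.MULTILINE)
    return m.group(1) if m else None


def classify(model: str, actual: str, expected_table: dict = EXPECTED_BOOT_ROM) -> str:
    """Compare the firmware a Mac reports with the firmware its model should have."""
    expected_raw = expected_table.get(model)
    if expected_raw is None:
        return "unknown-model"          # no baseline for this model: cannot judge
    actual_fw, expected_fw = parse_boot_rom(actual), parse_boot_rom(expected_raw)
    if actual_fw is None or expected_fw is None:
        return "unparseable"
    if actual_fw.prefix != expected_fw.prefix:
        return "prefix-mismatch"        # firmware built for a different model family
    if actual_fw.key() < expected_fw.key():
        return "outdated"               # the update that should have landed did not
    if actual_fw.key() > expected_fw.key():
        return "newer-than-baseline"    # baseline table is stale, or a pre-release firmware
    return "current"


def check_profiler_output(output: str) -> tuple:
    """End-to-end: (model, boot_rom, verdict) for one system_profiler dump."""
    model = profiler_field(output, "Model Identifier") or ""
    boot_rom = profiler_field(output, "Boot ROM Version") or ""
    return model, boot_rom, classify(model, boot_rom)


if __name__ == "__main__":
    # Runs against the constructed sample; on a real Mac feed in the output of
    # `system_profiler SPHardwareDataType` instead.
    print(check_profiler_output(SAMPLE_PROFILER_OUTPUT))
```

The "prefix-mismatch" and "newer-than-baseline" verdicts are kept separate from "outdated" on purpose: the first indicates firmware that was never meant for that model, while the second usually means the baseline table lags the latest release, and neither should be silently folded into a pass or fail.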
Rich Smith is the Director of R&D for Duo Labs and supports the advanced security research & development agenda for Duo Security, he is also a co-author of the new book 'Agile Application Security' published by O'Reilly. Prior to joining Duo, Rich was Director of Security at Etsy, co-founder of Icelandic red team startup, Syndis, and has held various roles on security teams at Immunity, Kyrus, Morgan Stanley, and HP Labs. Rich has worked professionally in the security space since the late 90’s covering a range of activities including building security organizations, security consulting, penetration testing, red teaming, offensive research, and developing exploits and attack tooling. He has worked in both the public and private sectors in the U.S., Europe, and Scandinavia, and currently spends most of his time bouncing between Detroit, Reykjavik and NYC.
Pepijn Bruienne is a Research and Development Engineer at Duo Security in Ann Arbor, Michigan. He breaks Macs to help his employer's customers be more secure. With more than a decade and a half of experience in a variety of Mac Admins areas, his skills include Systems Administration, Operations Management, Mac/Linux/Windows Server and Desktop integration, software deployment, configuration management and process automation.