
All right, so my name is Preston, we're gonna start off with the presentation. Sitting: I'm not a security person but I try, that'll become more obvious as we go through the presentation. I work on firmware, working past 21 years, not saving these entire. I have moved through development, testing, stuff-works kind of projects into what they call technical marketing, which is explaining things to evil in English technobabble. This presentation is kind of a blend of those two things. I want to basically bring firmware to everybody's attention, because we pay attention to stuff like Black Hat, which is very hot, place here isn't quite as good, and they scare you pretty much three, four days when you should be in
this no and so you vote with a product. I got a, do you know that the biggest comments last year. I want to talk about firmware, which most people either company there was BIOS, because it's kind of important: it's the first code word on your, another important term, motherboard, that gets control of the system when you boot, and you see the little spinning wheel with a logo of the company about glass top drum or your way to a graphics card come up there on your monitor, and you look, that's firmware doing it. It gets control at reset of your system motherboard; it's also responsible for making sure all the hardware on your platform is working. If you have the kind
of thing like a real desktop system that all people let me do it additionally I'll be adding our second size of memory do the best behind asymmetries last time was over the same sentence now because of this and by the way oh well usually lives on a little that's an evening about SPI serial interface those that's world it looks so pretty organ on your chip that could be 4 to 16 gigabytes though anybody to recently wrote the program under 16 megabytes okay boring right you should all know that when we turn the motherboard on a little bit more that makes it go you go laughs you're finding places to drop things into this code because it's
persistent code Lord if I get one of those nasty supposedly Russian by we see things that interest my hard drive in asking me for Bitcoin I'm gonna politely use a hand gesture yeah I'll just tell them the number for my near send the programmers all laughed so it's a bit messy leftover videos I'm like so what's that happens I'm gonna love my mini backups I'm kind of gonna like it a lot box nothing but really cheap Jason but now that it's persistent code on the motherboard somebody gets an e to that firmware can't format that out I have a great system that's basically going into the junker or for me and I can probably have ever not do something with it okay
so this has now become the new place where people want to dip things in my stuff, that makes your job as security professionals a lot harder. It's my, don't forget, a lot more that I look at the stuff that you're learning, because right UTC's assembly programming background, right, great stuff. So what I want to talk about is why firmware is critical, so that you know why you should care for the next 28 minutes and change; why it's a popular target for attackers; the kinds of things that can be done at a firmware level, the threat or your exposure; and then why does Super Mario Brothers job, okay. We're not going to cover a couple of things: it's not
specifically tax set so I don't have the same problem the other guy does about not being able to say stuff like real good at least but it's not really oh stop but I'm not doing to cats how to write it you want a little that stuff and summary Vegas not himself a little expensive I'm not going to tell you how to build through where because even after 21 years and still kind of figuring that out I will provide lays responsibly to do this news and open source tools I'm not going to talk about not insult attacks an area I work for Intel site in super mario stuff back representing land water they probably have different feelings
about something the games I'm going to put in here whatever what it is is that not mesquite bill competition not everyone said these people not gonna do that I knew those people we work on spec groups they might need ears in this okay again you have to go to a very strange place to understand this you have to go into the mine correctly no news they exist our guy who has technical marketing his job title is needed more choice but let's take it to the farmer guy sorry I'm the only one who signed the release and look inside their brains you know place and I understand how I think about firmware to understand why I
choose the word wanted for decades continuing and hopefully clear them doesn't my housing people yet first of all welcome to I heard from goal for North Carolina last year's in high school I went to hospital sentiment attitude of North Carolina in 1400 our mascot is the Union that's where I am you got all the Nerds 500 of them into the school and then you think the mythical creature who eat meat you things would be done ass continent nice job when you noticed coming to Nashville is bridges this is already Parkway how many car commercials did you see as a total idiot going they shut that BMW commercial but we're Ridge Parkway sly over shots by the way it's gorgeous thanks mom
going into all of the film business the cast of Sleepy Hollow says we get the tax breaks and take all your ruining and aluminum rages are really important you I spend a lot of time Portland or Intel has its largest concentration employees bridges when you have bridges that it limited we had to find a couple of months ago Olinda is an interesting kind of thing so we have three interstates when east-west to yourself which temporarily combinedly little why did they combine in the middle because EMP doesn't do redundancy very well and somebody thought if I have two interstates in the same place that's twice the devil funding on some highway pavement that means there was a choke
point the Lord to state highways yeah that happens I was in China I was in Shanghai the day before I flew back I just the traffic is so much more than that seem that is in Shanghai between six million people yes exactly and it latest said old my sweetie don't ask them and I saw this pop up but mine maybe I will stay in this taxi cab we can fix this in record time because we threw millions of dollars as he focus to the contractor to fix this ahead of schedule it is the nicest less than a mile of Haven all the so I think a firmware like infrastructure because it is the thing that at the bottom of the
software stack Louis Park software steadiness and right the very little lives at you a mantra code words to understand now because I travel internationally a lot do conferences here if you want to apply fountain it's a water gun pretty water I will drink the water gun now if I move say to mission I've been a fade before I push the button on the water come who look out and see continue on the water tower and then go right I should probably go down the street and get a fresca and you end up assembly code this is the image independent you're done right reading somebody's uncommitted didn't it like a Perl script and this is kind of what you
have in your head this is the way a lot of people don't run where it's just as lovable thing I'll get to the cool OS code later I mean just meeting this worker you know this is just like take the veil anyone and really look at this especially new meta devices Dickies on the internet there's a lot of this stuff going on in the design because it's just it's just food I'm denying ties it has to be while architected so a lot more people are learning that we need to think like a better blonde right anybody doesn't know but simple start not fixed thing of humans okay I've done both then the reason we did some of the point from
the start is because in the trailers i working my blog inherit the property that we bought it was done with like you know blind apprentice plumbing yeah it's all like you know whatever import racks and then can 70 stuff that you torque down the little middle band over plastic and run hot water does that's gonna work really well lost a ball so I redid a lot of the plumbing in my house and then will be billed with long did all that myself from scratch one of the things you know pressure test you open all the taps get the last one you're going to find out real fast weather alert I didn't get into basically online and then have a run to
the street because we didn't put in the shut off meant all nerds we have plumbers a lot we're going to meet you now first of all why are they the Super Mario Brothers is Mario Indonesia leech I'm the dick they might be named the dog Indiana anyway do not look to them for plumbing they're all do they ever fix a pipe in the games they destroy pipes they like there's just a sea of bricks gold coins and just like dead two rows and this is their legs and what do we think of Wells plumber because empty plumbing brings infrastructure he's dick there are these guys a mountain world just don't go Google that everybody use
of the right age remember that it's available on rip tracks so again through where is this kind of baseline if I'm looking at the plumbing if I'm gonna put in the boat or the picture not a lot someone didn't like something that I get for like normal plumbing stores I have to build it on solid base to make sure all the pipe in foundation work so my firmer infrastructure initializes the hardware sets up root of trust is again I'm the first of the launch I'm the trust and thing that sets up everything else on top of that if I don't have room to trust at that point everything goes on top of it I constantly architected is vulnerable and
I need all the offices so somewhere underneath I've got the code that I want. And we get his nerdy better threat model because of this, an article a couple years ago, or the Intel developers own one with the help of Angeles visions in them, I mean engineer the rotating light talk, so I didn't software people and if you want to talk about that model and it's always a great place to go because urg detail. Now think of the Death Star's a firewall: you brought it, and bringing them device now, a long time ago in a galaxy far far away they had USB-C because you didn't have a little Detroit over, and he connects to unsecured assets, they
lock the garbage chute down Star Wars is a three committed movie where the rebels lose one that's really depressing was being your bro go on really read it look still throughout the entirety up a whole prequels shut down one computer all droids died you think they'd be better at this you can take this one / over his low level software they sign the updates for the droids these guys like a virologist flash over a military-grade robot and then he just shows up at the base and reprograms another robots really these are the thing is this isn't network attack scenario these two droids are the perfect in that scenario the device you thought was trusted network validated
the original software base and exploits your network. Now let's go do the actual firmware stuff. There are two general classes of problem. One is what we know as BIOS; its heritage is from the nineteen eighties PC AT/XT architecture, I mean the beige box of land launched a million laws, not the clunky lawnmowers that lumpy see, is that man to the architecture, low level, of the original IBM PC/XT/AT, and because that BIOS interface is consistent, that's what allowed all those computers to run the same boss, Compaq, one monster dollar verse in unity, because they had cloned in a clean room environment the BIOS. Now IBM did another thing right, she goes to
the routines living in the BIOS, and you still have to rely on it because there's still code, you move to do seven there's still code that calls those interfaces to boot, and they're using table references from 1981 to 1985, hard-coded spots below a megabyte of memory, cosmicism terrible on unity. So in 2004 we went to UEFI, Unified Extensible Firmware Interface, which does the same thing as BIOS without the architectural limits, and you need to stop assuming one megabyte of memory isn't very that we know now. The second kind of firmware you get is coupled bootloader and OS, those things on the internet that account for something like cloud, because they can be hijacked, a
five-year-old's firmware updates between your light bulbs work. There's a light bulb, a smart light bulb, that is susceptible to a replay attack. How can something that has one button that has two positions be susceptible? I'm going to talk mostly about UEFI, one, it's the spec I actually understand, I wrote parts of it, your USB to, sorry my fault, but it's a popular target because here's a standard: a Windows 10 laptop has to be UEFI, even to get the new block long devices that are coming out. UEFI, UEFI on the show crack server, you get the compatibility that goes underneath, but this is the core top of the mountain because it's based on a very large single spec.
there's a services work one of the ebee is my ultimate now issues can be mitigated on this to you configurable we designed to be a level block of a new system but you're going to find out a lot of embedded and IOT devices when you refine and there's a big open source base now BIOS is a weird business in case you wonder the dota 2 tabs you typically got yeah alright so you typically turn on the system and you see the matron plug up here 15 years there's a logo inside if you're Chinese I saw earlier seasons whatever typically there's one more major companies that provide these code for the program they're taking some stuff from PFC
lessons project so introducing these the license unify basis via Stevie's you can take it revise it not also goes back that goes in the cylinder code to be binary to be source those people who make they can why not to making digital platform so your processor chip set plan you just needed it's whatever at all put on board and then so they can belong customizes and then you get the secret sauce like an antenna side order of the plotting way there a support doesn't why does one company have of a government but another company does and your motherboard goes straight to the website and nothing to buy us directly to the internet without an LS secret sauce
that's why you keep taking the design is flashing on these motherhood right because the partners just enough there's just no difference removed GPIO to mean this one time to this one is low and now that's customized and a lot of stuff still like on your phones right the bootloader on your mom's so you can just thing like Samsung motor inside unerring LG Awards South Korea but also just even work architectures even if they're the same core process with your architecture the board to just differ enough where that's going to throw it off okay so now you have three main categories of risk at least fall into executing a piece of code ahead of the LS motor
would get route gets out of death I got in before get it off to the OS just enough something in the for me I got somebody into the club up up modified firmware contents iced up something either the glove before the enjoy work for the dissolution I pretended I belong in the club which is they call it the club would be needed and long there unless I'm like their dicks the Sounders okay so let's look at a software stack we're doing the partners debut and revert it down the basic things il dinner graphics graphics net middle platform where specifically UEFI from the top bottom architecture concepts and I'm not going to read you the whole unified architecture spec
right even if I fall asleep in that night over this and then on top of that you have to upper layer pieces of software when you're used to Vince the OS the answer up here the idiot user that causes all the problems is like way up the top off to the side you have them both one time so firmware typically means a runtime images small footprint of information the operating system meanings if I close the lid on my laptop you do that 20 years ago you were especially doing the DC notebook but what it does now is that some of the third Marcus is Haley operating system you're going to need to know that this little in is will do a
laptop so you can set up our policy and decide do you want that into something or nothing in power button it needs this little part of the silicon lined up so the operator so is leaving the screws it's leaving will accept so that the OS of the final layout again we've read problems you need to be random server crashes and my hard drive and if it's a display error through home screen yay so you're gonna leave it in a beer and an airlock so those are the kind of services you leave up on it okay so let's hopefully OS lower the most common attack this is where going to see in sublet ransomware is a
food pyramid style attack I have no vest lawyer it was in the disapprobation use the ribbon in the energy sector just hand off to the sector ago I hope everything turns out that anymore that was the MBR style tag those are those like college and all of a sudden all your plotting drives are infected sector thing that you didn't scan and how everybody got it yay so most of the your reason where it works by the ninety one of these encrypting the hard drive and then you move up the thing that tells you where that the bitcoins is in the boot sector or the loader the OS so you have to watch out for where the firmware is
getting these Russians from. Now the second thing you can do is you can go down to the hardware. Now let's say that you unblock the challenge and you get a shiny new Nvidia something 160 quality, I mean for my video editing software. Now when you put that in your computer, Ignis have taught your computer, even changing the code of the board, has dropped it in them. You get a network card, you drop it into a server, and it knows how to network boot, it has a little configuration engine. How does it know how to do that? Just like the motherboard, it carries a little option ROM, it has code that the firmware
looks for, and it dispatches that to the Driver Execution Environment, a piece of code, the dispatcher that sits in the firmware. So the firmware initializes the base part, working on the pieces, performances, is there anything out there you need to show me, and when the part says yes, I am SATA power and I will give you a place to initialize myself, and so right, and then you can update that driver, and if you can't secure the update on that driver, someone can sneak, plug in, and they get control during the dispatcher phase and drop that code in before you're even running. So that's bad. And the third thing that happens is privilege escalation, yeah. UEFI platform firmware is
responsible for building the runtime system. Now that means it can put stuff in so that it intercepts calls the OS would make back to home code, or everything we were written, irrelevant, was a concept until platforms. There's two privilege levels behind that; what a lot of people in presentations will call ring minus two is what we call System Management Mode, SMM. We submit some code, we do a memory window, it's only visible from a special interrupt on the processor, and operating system companies both love this and hate it. They hate it because we're sneaking out behind them, and they love it because if there's a bug in the operating system, so it's used for a lot of weird things, we can see
memory struggling and a lot of other intervene between upper teens and so your servers have management code lives in SMM and I'll try to put secret sauce over there so those are the three different ways of sharing where can get stuff okay so this is probably base you're all making right now right grape varietals okay no you normally I percent the front or developers tell them why they should not do the things instead I might change this a little bit and talk to you as people who are investing and fix it as to what can you do as far as mitigation is there anything simple you can do to fix a lot of these issues now and is
there's something that you need to do that you know what you mind just system something you should be looking for that we make this go away I think this is less of a problem so again the features you can turn on the other pics a lot of this certainly make it harder for somebody to do them in this kind of hack and when you go to buy new things once you update the part mark when you buy it you could also test for these issues to see if the new your updates contain known problems okay first seriously you travel with your laptop if you don't have a password set really all right anybody eagle made scenario first
of all I don't like this you can do job types every but it's important to stay in a lot of hotels a lot there are measurements okay but if you walk up with the USB key and plug it in and turn on a laptop you include the password set its tributon where they can boot off of that key instead of the MENA they've got a batch button people with mode where you switch it it becomes using spare to us look at the end to the laptop on and you can do whatever you want now that's plenty of revolt let's use that over a virtual network currently shutting out never moving as well and then if you are doing a headless system
a server in a rack, then you don't want to do a boot password because you don't want the server to reset and wait on your password when you're at home on Sunday, Sensibility. So you want to set an admin password so somebody just can't walk in and turn off the little Thunderbolt protection; you can plug in a Thunderbolt thing that has a PCI Express card on the end with an N eg a toad exploit, your system, it does exist. You can change a bit in the firmware that stops that DMA attack, and then the attacker walks right in and goes to the same setup, the new terms of it, turns it off and attacks your
system anyway. So you can set an admin password, it's killing a lot of problems right now, and this is built-in, even Apple has it, okay. Some day, welcome to shopping for new stuff, we're going to my stuff is looking at me here, great, okay. Things are getting enabled on a system now that will help you, the two favorite ones being secure boot and the TPM, Trusted Platform Module. Okay, first of all, I said secure boot, probably a couple when that I use Linux, Linux people hate secure boot, appear to disappear, but it doesn't work with Linux, and no, that is not the negations from thousand eleven minus Rho to the event II, without early 2011, that means right then, and we
fixed it, and then everybody goes back to at least 2001, the email, puts it on Reddit and says secure boot doesn't work, instead of reading the manual that comes with the Linux distribution and realizing that it works. Ideal, the guy who wrote the code, I know we love you but he works with their window than they meant me, dear Peter, June was one still up the doors and we will. Of course you've got secure boot: basically everybody signs their boot loaders against a standard certificate authority, and then you can roll those matching public keys in your firmware and turn on secure boot, and then if you have a cert from the certificate authority, magically it would sign the loader, yay, then and they're not
having to log into the server developers, you in the same CA very quick. Now it does another important thing: once only signed boot loaders can be loaded, that means the tuner is, often delivers 16-bit, when we code happening to customers, when secure boot is on can't run with a separate ludos x8, wonderful side of that, but it also means they can't take an old stick and go on lunar runs and all fertility, I've got no, can do that. There is anybody to leave shell, the CA refuses to sign the shell, read uses the end of the shelf amusements or conventions. Now here's the wonderful thing: if you're a Linux user, especially the roll through Miami product, you can make your own keys.
That means you can sign your own custom kernel with your mu 0 e change, and you can lock out a product that doesn't have your signature; that means you can run a Linux system that locks out Windows. That's a great feeling, two priests up, or people in though I didn't think about that, wrote a white paper, it's easy to do. All right, second is TPM, keeping a measurement of the system. With secure boot you're basically saying you're good, you're good, you're good up to the OS handoff. Now let's look at the TPM, which is hashing measurements for the boot process into platform configuration registers, PCRs, and then you can essentially look back in time: if
you're a lot, the last boot that I trusted, nothing's changed, and the PCRs she gains that was a similar. If I take the same route, work methodical, then it should take about the same amount of time, the same number of steps. If I was tracking somebody in a trucking company and I saw one day that their delivery took 15 minutes, action early morning traffic jams, I'd go something's up. That's kind of what a TPM does. Now there's a little bit of the world that security requires of continuing, which is problematic, view exports certain phenomena will determine TPM, the TPM we were used to earlier, has export restrictions, specifically to places like China and Russia, which have their own
kind of other problems importing electronics, that's a different issue. Now TPM 2.0 removes some of those restrictions and also doesn't rely on things that you outlined, so it's a much better system. To go back, in the case when you use BitLocker or measured boot, the security requirements for Windows systems include barks interviewed Antoninus both activated, so using full BitLocker, all these things plus partner after persons are turned on. Okay, when you go shopping later on you're going to look for a couple of things. One, you want a vendor that signs its firmware updates. It's very simple, there's a Black Hat presentation that, let me tell you which one going for it, they list the top
colonies then there's the number of current updates they put out a period of time and how many of them were signed for the next number while official court he is a surprising to zero yeah and these are big companies one of them does something else bad operator incorrectly that makes it even if you sign the updating as long as you want to bender the time they're updates because you want to trust the addition coming from the right place the best waiting to signed up they say there is one capsule because if you have been updating to conclude run your little utility with exhaustion totally our windows utility windows if you're lucky you're in Linux I've been working on accessible areas so
you have an OS problem closet - utility now we have this other piece of code in the way whatever market update itself if you don't trust any longer more than the battery with different problem nothing on fault but if you dress version one and version once you filled up being version to version 3 as long as the signature capsule allow me with staging in memory but then the firm organs so now you have trust reserve some trust this already works in Windows and Linux move the surface product service pro service service studio this is how many different markets that come from windows up they say you need to give your driver updates Adele has enabled a system ready which
is built into, and then hardware root of trust. All right, and Intel has something, both new part alone, on newer systems: we use keys the end of the battery, so Intel the only uncertainty and the, and some signed by Intel, somebody, oh yeah, so that way even with site has to lose another shed one long to be update, and each we actually use this all mafia, okay. Shut up, the government here, the Commerce Department, has NIST; NIST makes recommendations that invades on how to do security properly. There's an entire section, 800 series, cybersecurity, because we're the best of the cycle, right, okay. So SP 800-147 and 800-147B are BIOS protection guidelines for workstation systems and
server systems, and then the draft, which is closing comments, 800-193, is for firmware resiliency: so how do you protect firmware at a basic level, and how do you make sure that firmware basically can recover. So if you have a system that gets to be in orbit, make sure that a certain root of trust in the firmware can recover itself in ways that it's safe to then recover the entire system; we're looking at visioning practical services. Now a couple of important things: one is 800-147 is about six years old now, but it's now an ISO specification, so instead of this being a US Congress requirement it's now a global standard you can use worldwide. So this
means that the bottom line, really important, manufacturers may have to comply with this to meet certain purchasing requirements. If you are spec'ing out a system, or you get the call as a consultant to do a bid for a large installation, make sure they're citing this, and if they are you have to check all of the vendors to make sure they comply. If you do a government bid, it's almost guaranteed that the 800 series standards are going to apply to it, and then your vendor of hardware, whether it's the Peugeot and and part in the motherboard, has to comply with 800-147 or 800-193. So this is also the nice thing to look for just in general purchasing,
because most of the companies aren't going to government spec and consumer special things turn were updates again make sure the right firmware updates no longer wrong stuff so popping up I really manual on my 80s so firmware update signatures and verification is it the right board there's built-in gaming system okay and you keep straight which MSI motherboard or issues motherboards you slap down on that thing is it the be very so if you get the wrong firmware version and they're not verifying the board check for you or they're not finding it properly you could accidentally flash the wrong turn or on the system and you have a very nice shiny grip now doesn't even make a
lot of heat because of any internal on its at sorry - that's defenders of the signed up rumor I would pretend to go back so it's really important in you capsule capsule can specify it the last heard of the term are you can roll back to there's a next one urgent I knew a corrected version seven someone shouldn't be able to come along and drop 35 back board and that's the way that people competed - sometimes they know there's version firmware that has a problem and on the expo even if you did the right work and I'm in your office so even if capsules not lean checking the requirements you should still get a better than gives you superior is all
right yeah I'm scared you a little bit don't worry more work on so there are three things that I worked on Ireland won't you just promise when you come up cloud it's this big annoying because system so you having cloud system so one is we letters a lot of open-source more iseman for better code second and push standards so that if I go out and buy multiple working company a I have to get an OS and specifically they have not in the age another board this students is the lot meaning that it's based kind of come back on that it just cuts down on vendor choice and also test tools I tell you there's a problem
out there probably else until you have fondant fix it if I just of course the kids I'm going to teach you how to block or we're gonna have to teach you how to walk out of the way I'm not going to show you you know I'm going to grab you and show you that you get after at so developers buzzing and symbolic a solution most of your media my mother over what kind of stuff you could find hermetically so we spent a lot of that hurt box coming on the river here's a girl in an apartment cement of boxing later friend Jacob was over in Sweden PhD chef guides to create uh presentations it's working on this
thing called Excite, with a simulated system that's a bit-for-bit in the action of the platform that we ship, leaves it for Utley development, and we beat the snot out of it, just every interface we can throw at it, and wants integers and Grill on side, it want strengthens, we throw garbage and we try to see how we can break the API, and we have a disability system to simulation, it makes it easier to narrow down those gaps. There was an article about this last month on Intel's Developer Zone, so if you're interested in this kind of stuff, the links will be in the presentation. All right, validation group that used to work in the Cathy, that
networks are my feet are mostly already is writing to a hope chipset this is a security validating tool you go to all the same conferences everybody else goes to all these people sometimes presenting I'm not in Vegas it's not obviously business so if there's an unemployed we work with them in advance we found lines in birthdays we're to bring closure responsible in this group should get all of the stuff deployed and then we released the information about the issue and immediately have a CHIPSEC test that's ready to go public zero day does happen you scramble a lot of our family and then put us out eventually but most of the time for working with Intel does
have a bug bounty that enclosure firmware discover this runs in the UEFI while they're at the OS level and it's full GPL license and if you want to go buy a Windows system and say I wonder if this is going to run Linux before I drop off we have a simple love it's a single image the flash of the USB key you plug it in there like a bunch of look it's validation test including CHIPSEC we look it'll show you there's any problem that system running Linux and also show you even even in security now firmware has a variety of attack surfaces with updating the vendor features bad coding practices like I don't know these not
walking us and run out where the system management mode you know that thing that's the window behind the operating system the SPI part is mapped directly in the memory when they initial system reboots sentence it takes incompatible back to the 1980s it starts out at the same reset Beckman 16 bytes below 1 megabyte that's not to do a physical address and then rate supposed to turn that off when you get to the end of the boot spoiler alert and sometimes it does so we have all these tests they typically point back to embarrassing the new presentation at and set Accord f9 what we do post that information and all that stuff haven't I thought mini grant
materials you want to start messing with this stuff so you can give me headaches I mean contributing of course right until those project called network for about a hundred US dollars you can buy a Intel Atom platform that has all the rivers and dream comes as firmware and - a couple of blobs that have actual licensing in open source so you can download board that dimensions we're just going to go with the firmware build the firmware flash it on the board with standard heat and header $3 device called spot open and then go it down he bogeyed over the serial port get the Raspberry Pi's to sincere report and you can we have people living
commercial designs based on this they just don't bother with all our novel attorneys they buy this thing from Mouser and then they make their own design of all the open source stuff we're going to play out another version based on the new recipient yes we'll talk the cancellations over several years yeah this is though Aven based products it's not part of the recent installation of the other end products it's not in the line so this is unfair in fact that middle board Maxim now the standard you want to do a major thing at Intel and it's really like 249 glass but we don't subsidize those so if you wanted to go out and build that boarding
probability Chambers is resourcing hiring moments or any small manufacturing runs if you went up by another maker born some of those are subsidized and you need to can't buy the partners you're not part of the foundation or you can't make it for the mounting sell it for themselves so it's a different way if you plant an issue don't email some plain text don't put it on the message board of the developer zone either go to us our team which is the industry response group yet the PGP for the email and send it or go to these secure Bugzilla we mentor and enter it is a security item which you never email goes into a special
watt non-mobile area of Bugzilla and everybody that's in you is are eating traffic so that it doesn't just show plain text and something's inside meg are you still doing that but this is important is that we actually put a lot of the things that you've seen some new to sexuality and some of the things that just had supposed to Black Hat and DEF CON went through these processes approached and got promised closures and stuff about DEF CON here and know about that mutations area we have advanced we've learned many things and there's resources at the end of the presentation on we were to get open source materials where to get the tests but I wanted to
walk away from this a better understanding an iron and one of these for your average use so remember burglars of your system software that lives on your devices your thermostats connected to the Internet the various things connected to that laptop server whatever it got some kind of firmware I mean standards-based it might be three people in a garage for century anyway it's critical to security if you don't trust the firmware no matter what we do on top of that and on top of it you might have something going on underneath it so you need to work with a terms defender and you're designing a product so maybe you're a little startup eight I said we're stuff right now understand
the firmware and nonetheless over it it's not just a you know it's a speed bump that I mean it's a popular attack target because it's something you there and it stinks around there's it is dependable I didn't just come here to steer iam go good love and then you know hit the referee right there are ways to stop these things they're as simple as you know password on your life not or been a lot of simple walk-up attacks so when you go to getting some pizza you know at the conference but they leave this doesn't lock up at the bash body a move your laptop I'm trying by the way figurehead use battle I need to do like nice
testing that means that's been like a lot of Rights confirm their routines word that we suppose to send me to it and it's not putting on skillful honors I mean really and this is something that I have to say to look for more than a lot of us are electrical engineers who worked on micro processors didn't get into the cool kids club meeting plantations so all of our skilled how low level where boundary splitting bits so programming practicing firmware has not only been a top skill level and we're working so we're doing things and seeing we're a people to return bust we have we're doing testing a lot of virtual so we're trying to send
levels people that you're trying to nationally and hopefully we all will do it it's going to work out a lot better I have a blog on Twitter account then once again how you see a place your partner's getting your coding security conference that's great no it's going it just goes to my blog on the developer site I also plug in and bless your heart it's one of the great southern settings and y'all saw a legitimate your have a problem don't use it I've introduced veterans in Oregon there with y'all burger community and all of y'all out there insecurities [Laughter] [Applause]