Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
This presentation explores the critical vulnerabilities in embedded device boot sequences that compromise security chains of trust. Discover how bootloader vulnerabilities can be exploited through physical or remote access, allowing attackers to achieve undetectable arbitrary code execution that persists through recovery attempts. Learn about real-world examples including a network device running legacy grub 0.97 and the "RootBlock" vulnerability that compromised Dell iDRAC9's secure boot chain. The talk examines the identification, exploitation, and reporting process for these vulnerabilities, presents a survey of popular bootloaders' attack surfaces, and discusses industry-wide solutions needed to address these security gaps. Since bootloaders are often shared across different devices and vendors, this knowledge provides an opportunity to improve security across the embedded device ecosystem.
