Wow—we are entering a new era. Over time we have seen attacks and backdoors move from applications to system services to operating system kernels, but now it is a whole new level.

A few years ago we saw researchers turn some attention towards embedded OS and the CPUs they run on, like FX poking at Cisco IOS. Barnaby Jack continues the trend, but this time looking at ARM on-chip architectures. Barnaby promises to kick some Fu on a popular hardware router to demonstrate exploitation of such embedded devices. Your firmware isn't looking so firm anymore.

John Heasman will be presenting a second showing of his presentation on using the PC BIOS Advanced Configuration and Power Interface to subvert both Windows and Linux kernels and allow the development of cross-install and cross-OS rootkits. John breaks the subject down so it is easy to understand, which should scare you at least a little. He also discusses defenses against BIOS subversion and what affects the TCPA initiatives will have on rootkit deployment.

I would like to take a second to point out that the threat of kernel subversion through the BIOS has been long talked about, and counter-measures like cryptographic integrity checks of firmware and trusted boot paths have been developed to protect against such attacks. However, such defenses are not widely adopted. This is another case where the industry and vendors are waiting until an actual, demonstrable risk is publicized before deploying a fix that was proposed long ago. But what about the really bad actors that don't publicize their techniques and work? There is a lot of academic work published related to trusted boot--it is not out of the realm of possibility that techniques like the ones Heasman discloses have already been put into practice by those suitably motivated. When is our industry going to start trying to get ahead of the curve?