Header bannerHeader banner

Binarly Presents New Firmware Vulnerabilities at LABScon 2022

Pasadena, CA - September 20, 2022 - Binarly Inc., providers of the industry’s first AI-powered firmware protection platform, will take the stage at the inaugural LABScon 2022 this week to call industry attention to a new batch of serious security vulnerabilities affecting tens of millions of computer devices.

Binarly co-founders Alex Matrosov and Claudiu Teodorescu will present technical research on attack surfaces below the operating system, pre-boot security check bypasses and major weaknesses in modern endpoint security tools.

Exclusively for LABScon, the Binarly research team will disclose seven (7) new serious vulnerabilities affecting Insyde reference code. These vulnerabilities were initially discovered on a laptop from manufacturer Framework using Insyde Software firmware.  Working collaboratively with Framework and Insyde, Binarly helped to validate mitigations in the form of updated fixes and patches distributed to affected users.

As part of a year-long exposé of “repeatable failures” throughout the firmware security ecosystem, Binarly plans to share details on critical vulnerabilities related to pre-EFI, SMM and DXE firmware components; and major design weaknesses in the default WMI mechanism used to monitor endpoints for signs of malicious compromises.

A second LABScon presentation, titled “Blasting Event-Driven Cornucopia: WMI Edition,” will disclose new ways to disable the Windows Management Instrumentation (WMI) mechanism used by existing security technologies to monitor endpoints for signs of malicious attacks. The new attack vectors add to the disclosed methods of attacking WMI that were presented at BlackHat USA 2022.

The team will also call industry attention to major gaps in patch-distribution systems that leave vulnerable devices exposed for months after vulnerabilities are publicly disclosed.  

Figure 1

In the last two months alone, Binarly’s research team discovered 19 high-severity vulnerabilities impacting all major vendors, including Intel, HP, Lenovo, Dell, AMI, Insyde, Fujitsu and many others enterprise devices.

“It’s very complex and difficult to coordinate and fix firmware-related vulnerabilities because it requires the involvement and agreement of multiple parties. Coordinating the fix for these vulnerabilities required the right tools to identify the affected product lines, which require the right technology to scope these issues. In many cases, static source code analysis will fail, so the Binarly team developed a deeper code approach on binary-level for our SaaS-based solution,” Matrosov said.

Quote from Insyde:

“Insyde Software prides itself on the timeliness of its response to all security-related matters,” said Tim Lewis, CTO and head of Insyde’s Office of Security & Trust. “Collaborating with Binarly after their discovery to understand the nature and severity of these issues was paramount to our ability to have a resolution well before public disclosure,” added Lewis

Quote from HP PSIRT team:

“HP appreciates Binarly’s contributions to help make HP products more secure.”

Quote from AMI PSIRT team:

“AMI is committed to working closely with Binarly to leverage its innovative vulnerability detection technologies to strengthen the security of our products and firmware supply chain. We believe this collaboration is essential to protecting our customers and improving AMI's overall security posture. AMI looks forward to partnering with Binarly in this important effort.”

Quote from Intel PSIRT team:

“Intel appreciates recent collaboration with Binarly involving their security research and notification of affected vendors.”

Quote from Framework Computer:

“We like the open and collaborative approach that Binarly brings to firmware security, an area of critical importance that has not gotten as much visibility in the past.”

About Binarly

Based in Pasadena, California, Binarly brings decades of research experience identifying hardware and firmware security weaknesses and threats. Binarly’s agentless, enterprise-class AI-powered firmware security platform helps protect from advanced threats below the operating system. Binarly solves firmware supply chain security problems by identifying vulnerabilities, malicious firmware modifications and providing firmware SBOM visibility without access to the source code.

Eric Brown