First Sednit UEFI Rootkit Unveiled

Cite

Related Material

Chaos Computer Club e.V.

Vachon, Frédéric

Formal Metadata

Title

First Sednit UEFI Rootkit Unveiled

Title of Series

35C3 Refreshing Memories

Number of Parts

165

Author

Vachon, Frédéric

License

CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/39202 (DOI)

Publisher

Chaos Computer Club e.V.

Release Date

2018

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level. Our talk will reveal such a campaign successfully executed by the Sednit group. We will detail the full infection chain showing how Sednit was able to install their custom UEFI module on key targets' computers. Additionally, we will provide an in-depth analysis of their UEFI module and the associated trojanized LoJack agent.

Keywords

Security