On Mon, Sep 25, 2017 at 10:44 AM, Georgi Guninski <guninski@guninski.com> wrote:
> On Tue, Sep 19, 2017 at 01:57:33PM -0400, Travis Biehn wrote:
> > Yes - in addition, since some attackers have been shown to compromise not
> > only UEFI firmware, but also blobs in peripheral devices, a re-flashing of
> > those components from HW land. In many cases, this type of recovery is
> > 'impossible'.
> >
> > Practically, individuals will take a stab on guessing attacker capability
> > between zero sophisticated persistence and h/w re-install survivability
> > and act accordingly. It is difficult to get that right, if not impossible.
> >
>
> Thanks. I suppose it is a safe guess that a non-negligible part of the world
> is persistently owned?

Hey Georgi,

On prevalence I won't speculate - but my number would be pretty low. You don't burn your fancy hardware persistence on just any target.

In somewhat-related news, the cat and mouse game is getting a bit more interesting with Apple High Sierra's eficheck. While I don't expect it to remain effective long, it promises to find some 'interesting' old samples.

-Travis
