Uncovering Firmware Security: A Deep Dive with Binarly's Philipp Deppenwiese

In this riveting episode of "Nerding Out with Viktor," host Viktor Petersson is joined by Philipp Deppenwiese, the Head of Solution Engineering at Binarly. They dive deep into the world of firmware security, a critical yet often overlooked area in IT security. Philipp shares his extensive experience in the cybersecurity industry, discussing his journey from government contracts to founding the 9Elements Cyber Security department and eventually landing at Binarly.

The conversation kicks off with an exploration of Philipp's career and the genesis of Binarly, a company that has been making waves with its innovative approach to firmware security. Viktor and Philipp discuss the unique challenges of firmware, BIOS, and the importance of transparency in the firmware development process. Philipp provides an insider's perspective on Binarly's groundbreaking discoveries, including the infamous "LOGOFail" vulnerability, which exposed critical flaws in BIOS boot logos that could lead to system compromise.

They also delve into the intricacies of Binarly's tooling, such as FW Hunt and the newly launched RISK Binarly service, which allows users to scan firmware for vulnerabilities and generate SBOMs (Software Bill of Materials) directly from binary code. This innovative approach bypasses the need for source code, making it a game-changer in the industry.

The conversation takes a broader turn as they discuss the cultural and technical challenges in the hardware and firmware industry. Philipp shares insights into the difficulties of responsible disclosure with hardware vendors, the complexities of managing PKI in firmware, and the critical role of attestation in ensuring system integrity. They also touch on the Cyber Resilience Act from the European Union and its potential impact on the industry.

Philipp sheds light on the often opaque world of firmware, emphasizing the importance of open-source development and collaboration. He highlights the growing need for transparency in the supply chain, particularly as firmware complexity increases with advancements in technology.

This episode is a must-watch for anyone interested in cybersecurity, firmware, and the future of IT infrastructure. Whether you're a seasoned security professional or just curious about the hidden world of firmware, Viktor and Philipp's discussion offers valuable insights and thought-provoking perspectives on the challenges and opportunities in this critical field.

Key Topics:
- Philipp Deppenwiese's career journey and role at Binarly
- The evolution and importance of firmware security
- Detailed discussion on "Logo Fail" and its implications
- Binarly's tooling for firmware vulnerability detection
- Challenges in responsible disclosure and PKI management
- The role of attestation in system security
- Impact of the Cyber Resilience Act on the industry
- The future of open-source firmware and collaboration

Don't miss out on this deep dive into the world of firmware security—hit play now!

Скачать видео