Security News > 2020 > February > Peripherals With Unsigned Firmware Expose Windows, Linux Computers to Attacks
Peripheral devices with unsigned firmware can expose Windows and Linux machines to attacks, allowing hackers to install stealthy and persistent malware, steal valuable information, or take control of a computer.
Researchers at firmware security company Eclypsium have discovered that many peripheral device manufacturers have not implemented checks to ensure that the firmware running on their products comes from a trusted source.
Attacks can be launched against both Windows and Linux computers, including laptops and servers.
Eclypsium has identified insecure firmware on touchpad and TrackPoint firmware used in Lenovo laptops, the HP Wide Vision FHD camera on an HP laptop, the WiFi adapter on a Dell XPS laptop, and a VLI USB hub.
Installing malicious firmware on these types of devices can often be done by abusing legitimate firmware update tools.
News URL
Related news
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)