Security News

Three firmware blind spots impacting security
2020-04-27 05:30

That said, many organizations are still suffering from firmware security blind spots that prevent them from adequately protecting systems and data. The security of firmware running on the devices we use every day has been a novel focus point for researchers across the security community.

What do a Lenovo touch pad, an HP camera and Dell Wi-Fi have in common? They'll swallow any old firmware, legit or saddled with malware
2020-02-19 08:02

Eclypsium said on Monday that, despite years of warnings from experts - and examples of rare in-the-wild attacks, such as the NSA's hard drive implant - devices continue to accept unsigned firmware. The infosec biz said a miscreant able to alter the firmware on a system - such as by intercepting or vandalizing firmware downloads, or meddling with a device using malware or as a rogue user - can do so to insert backdoors and spyware undetected, due to the lack of cryptographic checks and validations of the low-level software.

What does a Lenovo touch pad, an HP camera and Dell Wi-Fi have in common? They'll swallow any old firmware, legit or saddled with malware
2020-02-19 08:02

Eclypsium said on Monday that, despite years of warnings from experts - and examples of rare in-the-wild attacks, such as the NSA's hard drive implant - devices continue to accept unsigned firmware. The infosec biz said a miscreant able to alter the firmware on a system - such as by intercepting or vandalizing firmware downloads, or meddling with a device using malware or as a rogue user - can do so to insert backdoors and spyware undetected, due to the lack of cryptographic checks and validations of the low-level software.

Is your firmware vulnerable to attack? A report says it might be
2020-02-18 19:07

Unsigned firmware in WiFi adapters, USB hubs, trackpads, and other devices can be compromised by hackers, says enterprise firmware security company Eclypsium in a new report. A report released Tuesday by Eclypsium details the risks involved in using devices with unsigned firmware.

Peripherals With Unsigned Firmware Expose Windows, Linux Computers to Attacks
2020-02-18 12:24

Peripheral devices with unsigned firmware can expose Windows and Linux machines to attacks, allowing hackers to install stealthy and persistent malware, steal valuable information, or take control of a computer. Researchers at firmware security company Eclypsium have discovered that many peripheral device manufacturers have not implemented checks to ensure that the firmware running on their products comes from a trusted source.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs
2020-02-18 11:00

TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing. Eclypsium researchers analyzed a Lenovo ThinkPad X1 Carbon 6th Gen laptop, which contains two vulnerable firmware mechanisms: Touchpad firmware and TrackPoint firmware.

This is not Huawei to reassure people about Beijing's spying eyes: Trivial backdoor found in HiSilicon's firmware for net-connected cams, recorders
2020-02-04 22:26

CCTV equipment maker Xiongmai effectively built a poorly hidden, insecure backdoor into potentially millions of surveillance devices, it is claimed. A hardware probester going by the name of Vladislav Yarmak alleged this week that China-based Xiongmai - best known for its wide-open security cameras - left a remote debugging and management tool in its firmware, which is used in network-connected surveillance video recorders.

Leaving your admin interface's TLS cert and private key in your router firmware in 2020? Just Netgear things
2020-01-20 21:23

Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with Netgear devices.

How Microsoft is using hardware to secure firmware
2019-11-27 11:13

Even full disk encryption can't keep you secure if your PC firmware is compromised, so Secured-core PCs will use the CPU to check if UEFI is telling the truth about secure boot.

Security Vulnerabilities in Android Firmware
2019-11-18 12:33

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android...