January Firmware Threat Report

Below the Surface

Yesterday Eclypsium published new research exposing vulnerabilities to Direct Memory Access (DMA) attacks in laptops from HP and Dell. Eclypsium researchers, Mickey Shkatov and Jesse Michael demonstrated that high speed DMA attacks can bypass hardware protections on enterprise devices. This powerful class of attacks is an industry-wide issue that threatens servers as well as laptops. 

READ THE REPORT >

Join us for a live webinar on February 5th. REGISTER NOW >

What is your line of sight to potential firmware vulnerabilities? Did you know that 2019 had the most firmware vulnerabilities ever discovered? There was a 43% rise over the previous record in 2018. This whitepaper outlines 5 questions to evaluate and improve your firmware security posture.

LEARN HOW >

INDUSTRY PERSPECTIVE

  • 5 Key Security Lessons From The Cloud Hopper Mega Hack The Chinese hacking group known as APT10 is suspected of being behind the “Cloud Hopper” attack. If the hackers found weaknesses in cloud companies’ defenses, they exploited them to hop across different customers’ networks, stealing intellectual property, security clearances and other data as they went.
  • According to World Economic Forum, hardware is a cybersecurity risk. The impact of a successful hardware attack makes designing a comprehensive risk mitigation strategy crucial. Prevention requires shoring up all stages of the manufacturing supply chain and developing thorough means of testing. 

FIRMWARE SECURITY RESEARCH

  • CacheOut – Leaking Data on Intel CPUs via Cache Evictions. Recent speculative execution attacks demonstrate how attackers can leak information while it moves through microarchitectural buffers. In this work, several researchers review CacheOut, a new microarchitectural attack capable of bypassing Intel’s buffer overwrite countermeasures implemented to prevent previous Spectre type of attack. 
  • Gentech research announced the results of its new study – almost 4 in 10 security cameras can be at risk of cyber-attack due to outdated firmware. This highlights the breadth of firmware vulnerabilities.

FIRMWARE SECURITY ADVISORIES

  • Cable Haunt is a critical vulnerability found in cable modems across the globe from different manufacturers. The vulnerability allows for remote arbitrary code execution. The vulnerability originated in reference software, which is copied by different cable modem manufacturers when creating their cable modem firmware.
  • Netgear Signed TLS Cert Private Key Disclosure There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware. The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear’s support website, without authentication; thus anyone in the world could have retrieved these keys.

ADDITIONAL READING & LISTENING

  • View Uncover, Understand, Own – Regaining Control Over Your AMD CPU. Listen to how researchers reverse engineered an unknown subsystem.They looked at what the AMD Secure Processor actually is – a dedicated security subsystem that runs code you don’t know and don’t control.
  • Listen to the On the Metal podcast starring Eclypsium’s Rick Altherr. Rick discusses firmware as the latest attack vector, impossible bugs and the impact these attacks have on organizations.

FIRMWARE SECURITY WEBINARS

  • Answering your questions—join Eclypsium’s principal researchers, Mickey Shkatov and Jesse Michael for a Q&A about Direct Memory Access (DMA) Attacks 
    • When: Wednesday, February 5, 2020 at 10  a.m. PDT. 
    • What: Direct Memory Access (DMA) attacks are an industry-wide issue allowing direct access to information and kernel privileges, which can be devastating. Our research shows that enterprise-class laptops, servers, and cloud environments continue to be vulnerable to DMA attacks, even in the presence of protections. 
    • REGISTER NOW >
  • Join Eclypsium for the Anatomy of a Firmware Attack webinar 
    • When: Tuesday, March 3, 2020 at 11 a.m. PDT.
    • What: By attending this webinar you will walk away with a better understanding of the rise of firmware and hardware attacks, attacker motivations, key firmware components, and their role in an attack, attack vectors and malicious techniques. We will conclude with a case study of an in-the-wild attack.
    • REGISTER NOW >

UPCOMING ECLYPSIUM TRAINING

Eclypsium is known for its excellent training in firmware security and threat prevention. These two-day sessions teach security at the hardware and firmware levels, understanding attacks against system firmware, how to mitigate them, how to identify vulnerabilities and how to perform basic forensics on different firmware components.

Sign up for our upcoming training at CanSecWest 2020: