BTS #55 - Netgear, Gigabyte, and Rowhammer Vulnerabilities

In this episode of Below the Surface, the hosts discuss critical cybersecurity topics including vulnerabilities in Netgear and Gigabyte devices, the importance of asset inventory, and the implications of Row Hammer attacks on memory integrity. They emphasize the need for organizations to implement compensating controls and monitor for potential threats, especially in the context of supply chain security and IoT devices.

Below the Surface Episode 55: Netgear, Gigabyte, and Nvidia Row Hammer Attacks

Host: Paul Asadoorian
Guests: Vlad Babkin, Wes Dobry, Chase Snyder


Introduction and Episode Overview

Paul Asadoorian: This week on the Below the Surface podcast we’re discussing Netgear, Gigabyte and Nvidia row hammer attacks. Stay tuned, Below the Surface coming up next.

Welcome to Below the Surface. It’s episode number fifty-five, being recorded on Wednesday, July 16, 2025. I again have roped in my co-workers doing podcasts with me. Mr. Chase Snyder is here with us. Chase, welcome. Wes Dobry is here and Vlad Babkin.

Chase Snyder: What’s up?

Wes Dobry: Hello there.

Vlad Babkin: Hello.

Paul: We have a nice rounding out of everyone from Eclypsium. Wes is sales engineering, Vlad is research, Chase is marketing. I have a foot in both marketing and research and engineering. It’s a good representation. Before we dig into the topics today, just a quick announcement: Below the Surface listeners can learn more about Eclypsium by visiting Eclypsium.com/go. There you’ll find the ultimate guide to supply chain security, an on-demand webinar I presented called Unraveling Digital Supply Chain Threats and Risk, a paper on the relationship between ransomware and the supply chain, and a customer case study with Digital Ocean.


Netgear in Enterprise Environments

Shadow IT and Deployment Scenarios

Paul: So speaking of the product, not that we’re going to make a product pitch, but we’re going to talk in general about Netgear. And we’re not going to pick on Netgear. It’s actually a good thing for Netgear. In my opinion, we’ll talk about how it’s actually used in the enterprise, whereas most will associate it with home use or SOHO, small office, office, small enterprise kind of stuff. But they kind of seep their way into the enterprise. We’ve got some great product support for NETGEAR that was based on requests basically. I don’t know, Wes, do you want to start with NETGEAR as you’re probably the closest to our customers that have some of these challenges with this type of gear leaking its way, right?

Wes: Yeah. So I’ll start with a little bit about what we’ve seen with Netgear, but also a little bit about what some recent news and some recent things regarding Netgear as well. So, you know, our customers where we’ve actually seen Netgear in place is in one of two use cases. One where they’re looking for inexpensive products or relatively inexpensive products targeted in even in some cases disposable use cases where they can go and put rather inexpensive things that are meant to be sent out to be cost effective to do a task and then afterwards, you know, if that device is no longer needed, maybe it’s even disposed of.

Paul: Right, they call those flyaway kits. I don’t know where that term came from, but that’s…

Wes: Yeah, exactly. And those things are designed to be a simple bundle of things that allow them to complete a task, whatever that task may be. Now, the other area where we see Netgear stuff is a lot of times in things like mergers and acquisitions. You come in, buy another company, and you find that you have people that have done unmanaged switches or other Netgear equipment, but also in the standpoint of where like you said, SOHO or places where they needed non-managed stuff.

Recent Vulnerabilities and Known Exploited Vulnerabilities

Wes: Now, we may have seen in the news recently that there was a number of vulnerabilities discovered for Netgear equipment. And, you know, I think there were over 500 recent ones, including things like remote code executions and things that are known as being exploited in the wild. And this overlaps real heavily with some of the things that we’ve talked about in the past with things like Salt Typhoon, Volt Typhoon, Flax Typhoon, Silk Typhoon, all the different typhoons and all the other APTs out there that look at these devices and say, okay, there’s CVEs or KEVs, excuse me, known exploited vulnerabilities.

Paul: I think there was eight of them I put in the blog post that were on the CISA-KEV, yeah.

Wes: You end up in scenarios where if you’re working with a device that’s end of life, like we see a lot in these cases where people have bought these things, they just lived in an environment because they’re unmanaged in most cases or lightly managed. And we end up in scenarios where now these devices still exist out there with vulnerabilities that organizations don’t know about.

Why Netgear Persists in Enterprise Networks

Paul: I think I have a theory as to why these exist for a long time. Actually, a testament to that here is that they’re actually really well-made for the price point. You get a lot of value, especially, just like you said, was needed unmanaged, which fact I think I have one hanging in the corner of my office right now that aggregates the devices in my office and army knock on wood but I would chase myself, but you know, they’re solid. They just work, their performance, if I don’t really need to manage it.

The other option, I mean I’ve had TP-Link, a similar manufacturer, their switches have worked just fine for me as well. Now, I’ve also bought used Cisco gear, like 3500 series switches. I’ve also got some of the Cisco small business, and while those are managed, they tend to have a lot of vulnerabilities that end up not being fixed because they’re end of life. So in some cases, you’re almost better off getting the Netgear unmanaged device because it doesn’t really pose a threat if it’s unmanaged, it doesn’t present itself on the network.

APT Targeting and Shadow IT Infiltration

Wes: So they’re using these known exploited vulnerabilities and getting into Netgear and no one even knows that they’re there. So I mean, imagine infinite dwell time in an environment as long as you don’t go and do something else to be caught. And that gives you all the time in the world to research, collect information and at some point, you know, move laterally. And, you know, we’re absolutely seeing that in our customers and hearing about it in the industry as a whole.

Chase: This is why asset inventory is like the core foundational necessity for cybersecurity because if you have stuff in there that you don’t know about, fundamentally, it’s gonna become vulnerable at some point.

Paul: I think this type of equipment is, at least in my experience, very common to make its way through non-official channels sometimes into your network. Unless you’re looking for it, you don’t know it exists. You’re doing a network upgrade or some kind of networking project and you didn’t order enough Cisco switches or you’ve got this remote site. I don’t have any more of my enterprise gear, my Juniper, my Cisco, whatever it is. So someone go to Best Buy, because there’s always a Best Buy near where you are, at least that’s the one electronic store that you can go buy a switch, slap it in the network, and call it a day.

Wes: Yeah, hit the nail on the head. Shadow IT is absolutely an avenue that these types of devices make it into IT infrastructures. But you also see this in scenarios where, especially after COVID, for work from home folks, the people that we have doing work from home that have this kind of equipment inside of their own networks at home, that can then piggyback and use that as an avenue to come in through something like an SD-WAN device or something along those lines that rides on the same network.

Netgear’s Security Improvements

Paul: Many of the KEV listed vulnerabilities, so known exploited vulnerabilities, most are from 2022. One is from 2021 and one is 2023. Many of them are for gear that has reached end of life, so they’re not going to produce an update for it. What we see today with Netgear is the devices they are manufacturing, bringing to market and supporting today are covered under their Bug Bounty program. I spoke about this on previous podcasts. Netgear has a great Bug Bounty program.

Casey Ellis is my friend, right? But they use Bugcrowd. I like Bugcrowd. Again, full disclosure, Casey’s a good friend of mine, so I support his company. Regardless, I still support his company, so I think they’re great. But Netgear’s had a great bug bounty program. In fact, some of my other friends have been researchers participating in their bug bounty program. Matt Brown has a few Netgear bug bounty reports to his name of things that he’s found. There were vulnerabilities. They fixed it, he got a payout.

So I don’t know if it was 2022 was like the turning point for Netgear where they came under scrutiny from who knows FTC. It could be a number of different pressures that they received to go, we need to pay attention to security, create a bug bounty program and have greatly increased the resiliency in their firmware. In my opinion, I’ve looked personally at some recent Netgear stuff and there isn’t the obvious things that you were finding in 2022 and prior. So props to them.


Technical Architecture and Capabilities

Linux-Based Architecture and Forensics

Vlad: So I don’t think I looked at Netgear specifically, but from what I understood your description, so Netgear is mostly gonna be like your usual home slash small business offering, which somehow also makes its way into enterprise. So most of them are kind of similar in how it’s structured. I would assume it’s just your normal Linux.

Paul: I believe we support the firmware integrity validation. We have a large number of Netgear firmware samples because they’re on the internet for people to download and update devices. So that allows us to create a database and do firmware integrity and say, is the firmware you’re running really the firmware from Netgear or has it been tampered with? Which I think is awesome, especially in the case of a flyaway kit where it could be plugged into who knows what network, in contact with who knows what kind of attackers. When it comes back, has that firmware been tampered with or not? That’s a pretty common use case actually for our customers, Wes, right?

Wes: It is, absolutely. And one of the interesting parts there that you mentioned is that since these are basically just an embedded version of Linux on them, all the same standard, I’ll say, forensics and DFIR techniques can be leveraged on these devices too. Every time I’ve touched a Netgear device, it pretty much had a complete shell on it, so I could do all kinds of fun stuff on it. And that includes doing, you know, what I would call best practices on these devices for monitoring for change and looking at config changes and monitoring for malicious processes and all of those things as well, just from a standard security perspective on these devices.

Vlad: Yep, it also allows to download self-image, like I can see that our team actually found stuff that does it. So in this case, you can download the entire image and check it for integrity, I assume. Also, it does have logging.

Paul: So you can get an image of the running firmware. That’s awesome.

Vlad: I presume yes. I’m just looking at what the team implemented, so I didn’t dig too hard. And also you can get logs, which is also super useful. Log of requests is sometimes much more useful than what you’ll get from the file system, because it might be easier to hunt down if it even was attempted to attack this device or not.

Processor Architecture Evolution

Paul: I feel like the industry, and I haven’t really dug in and checked, but what I’m hearing is, and somewhat observing, is that the processors for these IoT devices years ago were based on MIPS architecture. Right, and so when I was looking at the WRT-54G, that was a classic, very popular router, right, that ran a MIPS SoC from Broadcom. You know, Broadcom, I believe, made the actual SoC, and it was a MIPS-based architecture, and it’s a very reduced instruction set.

It’s interesting, I was listening to a podcast and one of the hosts said in college they learned MIPS assembly and architecture because it was such a reduced instruction set, it was much easier to learn. You get into x86, x64, the instruction set is huge, right? So it was a good proving ground. And then they said that MIPS was just acquired by ARM, but acquired by the, or AMD, and the company that AMD created to make the chips actually acquired MIPS, and they’re gonna be making RISC-V architecture. But the trend that I’ve seen that replaced MIPS is ARM.

Most of the IoT routers after a certain point in time all have ARM architecture, which gives the attackers now a common base. I think there’s a lot better Linux support for ARM than there is for MIPS. Likely do like Raspberry Pi and stuff like that. A lot of packages get ported to ARM.

Vlad: It’s not just the IoT either, like BMCs are ARM nowadays, like a lot of more modern BMCs are ARM and not MIPS.

Paul: Right. Also were they MIPS before too, the BMCs?

Vlad: Yep, I think sometimes we meant MIPS, but like the modern devices, I mostly see ARM.


Gigabyte UEFI Vulnerabilities

Binary Ninja’s Discovery and Reporting

Paul: Let’s move to Gigabyte. Actually kind of impressed how much this was covered in the security news. Much of anyone else noticed that you, like, literally can’t check your security feeds today, security websites, without coming across a reference to a handful of vulnerabilities that were discovered and reported by Binary Ninja. Which was weird. It looked like they reported them to Carnegie Mellon CERT rather than AMI directly, unless they had communications with AMI. Cause we don’t, know the AMI team pretty well. They’re awesome people to work with.

Basically AMI had fixed these issues. So AMI being in the supply chain, the upstream provider to Gigabyte, Gigabyte modifies the UEFI software that came from AMI and customizes it for their specific platforms. But Gigabyte had not applied the updates that AMI had made available to mitigate these issues. And I think that’s every single one of them. And there’s quite a few motherboards, over 500, that ended up with these vulnerabilities and they’re very similar vulnerabilities to the ones that we’ve disclosed. They deal with SMM, SMRAM, the ability to put malware inside of UEFI due to vulnerabilities in the code base.

Wes: Yeah, so I think the delineator there for between where they went and spoke to AMI and where they disclosed through Carnegie Mellon CERT was when the systems were out of date or were out of support out of manufacturing. For the ones where Gigabyte was not going to release any patches for, I think those are the ones there where they released through CERT. The other ones where there were patches, they did do a proper disclosure with AMI.

The Problem of Lingering Vulnerabilities

Paul: Yeah, so there’s a bunch of boards that won’t get updates. And what’s interesting is this is more common than you think. There’s a lot of gear out there that has vulnerabilities, ones we’ve disclosed, ones Binary Ninja have disclosed in the past that are just lingering. Like, no one’s just scanned that particular UEFI version to determine if they have vulnerabilities in it yet. But my laptop from 2020, my MSI, not to pick on MSI, because every manufacturer makes gear and eventually doesn’t provide updates for it. Like that’s just the way the world works across every single manufacturer. But my MSI laptop, which I love by the way, it was an i7 I bought in 2020, there was no UEFI update for that subsequent to 2020. So think about all the UEFI vulnerabilities that have been disclosed in the past five years, quite a large number of them, that still could persist in that UEFI image that no one’s really scanned, right?

Wes: Did you just tell us that your system’s vulnerable to UEFI malware?

Paul: Yeah, it is. 100%. It is.

UEFI Monitoring Challenges

Paul: If there’s no updates available, I actually, again, I’m not trying to pitch the product, but our product does this, right? The product will tell you, hey, your UEFI has changed. So when I’m monitoring that system with Eclypsium, I have that configured as an alert: tell me if the UEFI changes. I’m assuming you could do that without our product, but it’s really hard. Vlad might shed light in this because there’s, like, stuff that should change in UEFI and stuff that shouldn’t, and figuring that out is just very difficult.

Vlad: Yeah, yeah. UEFI has a bunch of variables which are changing. There is literally a boot counter variable sometimes. So every time you shut the system down and boot it back up, it changes. So that’s normal. What’s not supposed to change for sure are UEFI binaries. Because if that changes, that’s definitely not normal. Unless you do an update, of course. If you do an update that sure, you just literally asked the system to update binaries in there. Otherwise, it really doesn’t have a reason to.

Wes: Can’t you just monitor PCR0 if your system has a TPM for that change?

Vlad: Maybe, but the problem with PCRs is that they’re kind of cryptic. Like what do they change because of? Like, it might be something other than just UEFI binaries. So that’s the problem. Like, sure, it’s useful, but you cannot be 100% certain. It’s not about something else changing as well. And in this case, actually dumping the SPI things and checking the changes, it’s actually useful.

Supply Chain Security Maturity Differences

Wes: Yeah, I think you find Gigabyte more in the consumer space anyway. Same thing with like MSI, like you mentioned. It’s just their target customer base, so to speak. So you’re going to see that more in the consumer. That’s why you see a lot more of the consumer features that make life a little easier for the home user.

Paul: Yeah, so there’s a bunch of boards that won’t get updates. And what’s interesting is this is more common than you think. There’s a lot of gear out there that has vulnerabilities, ones we’ve disclosed, ones binary have disclosed in the past that are just lingering.

Wes: Correct. Yeah, so like the HP and the Dells and the Lenovos of the world mostly manufacture their own hardware and manage their own complete bottom to top infrastructure. That’s really why you see kind of the people that the organizations, OEMs, ODMs that use a lot of the very same reference kind of architectures. And then you see the Dell, HP and kind of Lenovo and to some extent even Supermicro kind of going off and doing their own things.

Paul: Their own thing, right? But Gigabyte makes a motherboard for you to go build your own computer for the consumer market largely is where I’ve seen them play.

Wes: Yeah, and one of the key things that you’ll see there is also, as those vendors have stepped up to do a lot more of their own thing, they’ve built their own things like supply chain security programs too. So I mean, HP and Dell, for example, do great jobs of being transparent in their supply chain, are pushing the industry forward with things like actually being able to validate provenance of the firmware and where the chips were manufactured.

Windows Platform Binary Table (WPBT)

Vlad: Yeah, like a lot of motherboards intended for home try to drop a bunch of binaries into the system automatically. Like I have seen this behavior with ASUS, I have seen this behavior with Gigabyte specifically. It’s not just them though, it’s just something I observed in the wild, right? So yeah.

Paul: There’s a facility that, in a standard they built to do that in Windows to allow UEFI to drop binaries in the operating system. What is that called now? I don’t remember what it’s… Yes. Yes. What is that? WPB… Windows Platform Binary Table? WPBT, right? I think that’s what it is.

Vlad: WPBT I think, yes?

Paul: It’s like food. Yeah, it’s not something that most people are familiar with or dig into, right? But given what we do, I’ve dug into it. Now it’s starting to come back to me. The story I read was that Microsoft didn’t want every OEM coming up with their own way to deliver software to Windows that allows you to like update UEFI. So they created the Windows Platform Binary Table as a facility to allow them to do that. They would all use that more standard way. But then of course, mistakes can be made even though there’s a standard way to do it. We still uncovered flaws in that process.

Wes: I mean, it was less the flaws in the process. The process worked as designed. The flaws were simply put in the software. Yeah, I mean, didn’t validate, in this case, it didn’t validate the SSL certificate or any of the secure communications to the update server. So you ended up in a scenario that if you do a simple man in the middle or DNS poisoning, you could then tell the system that it had a BIOS update or a firmware update, and then that system could automatically upgrade it.


Gaming Culture’s Impact on Computing

From Gaming to AI Infrastructure

Chase: The, I’m kind of taking us in a different direction, but this pipeline that you’re talking about, the influence that gamer culture has on worldwide computing paradigms is so funny because it’s like GPUs initially, you know, invented for gaming, right? And then it’s like, it turned out that, turned out that they had a bunch of characteristics that made them really great for crypto mining. And then now it’s like…

Paul: Yeah, and password cracking too is the other, right?

Chase: And then a bunch of the AI data centers, the Neo cloud data centers were founded by crypto miner guys, former people who’d been doing crypto mining. And then they’re like, what are those people good at? They’re good at buying GPUs. Turns out that’s what you need for crypto mining and is what you need for AI data centers. And so you have this pipeline of like, what do people want for their gaming rig to this worldwide, like AI data center mega trend.

Paul: I didn’t know that.

Chase: It’s wild to watch and just that sort of like variety in the components, the different firmwares and stuff that we’re talking about, the sort of heterogeneity of that. It’s like impossible to keep track of. Any given enterprise, any given data center, any given environment is going to have all these different, you could have different Gigabyte, tons of different Gigabyte UEFI or Gigabyte firmwares in one single environment. And how would you possibly, how would you know? How would you even figure out? It seems like it would be an incredibly laborious manual process to audit an enterprise environment for these vulnerabilities that we’re talking about.

Vlad: I mean… It gets even crazier because if you think about it, what’s computer graphics? It’s matrix multiplication all around. What’s AI? It’s also matrix multiplication all around. So like, they literally do the same operation over and over again. So yeah.

Anti-Cheat and Secure Boot

Paul: Yeah, but going back to gaming too, it’s interesting that the anti-cheat components of gaming requires UEFI plus secure boot. And, right, so it’s…

Vlad: I mean… They still… They don’t work, but okay.

Paul: Yeah, but it’s also interesting that these vulnerabilities that were disclosed, as are many vulnerabilities in UEFI, allow an attacker to bypass secure boot. I think largely it depends on where the vulnerability lives in UEFI and how early in the process you can execute code allows you to circumvent secure boot.

Vlad: I mean, just think about it. Secure boot bypass can facilitate cheating in online games or in pro tournaments and whatnot, because if you bypass secure boot, you can install your cheats. And similarly, if you look at markets, there is actual special hardware sold for cheating, like a special PCI card which you insert, which pretty much gives you cheats in the game. So yeah, that exists.

Paul: Really? I didn’t know that. So what does it do, load a loaded DXE driver from the card?

Vlad: So specifically it likes to abuse the direct memory access technology to actually read the game’s memory and then for example output your extreme of let’s say wallhacks on another computer, or let’s say you can connect a mouse through it and it will automatically click shooting when you hover over an enemy’s head so that like it auto shoots for you for example. So there are a variety of stuff it does.

Paul: And the DMA gives them direct access to memory to do that.

Vlad: Yeah, a lot of access and it’s nearly impossible to detect for any anti-cheat because it doesn’t break secure boot, it doesn’t break UEFI, it doesn’t install any drivers into the kernel memory. You literally have to scan your PCI devices now as an anti-cheat software. So if anything, we might be able to partner with some anti-cheat software vendor at some point. So however crazy it sounds, it’s definitely on the table.


Nvidia Row Hammer Attacks

GPU Memory Integrity Vulnerabilities

Paul: Final thing that I wanted to close out the show with was talking about the GPU row hammer attacks. This was also very, very prominent in the security news. Row hammer was essentially, because the chips are so dense on the RAM stick of memory, that you could read or write adjacent chips on the RAM. I forget exactly how row hammer works, but that’s the basic

These attacks are conducted remotely. I think I was getting it confused earlier this week with the ones where you have to freeze the RAM and then stick it in another system. That’s a different attack. Row hammer, you can absolutely, you do not need physical access. But this is row hammer on a GPU, not the system DRAM.

Chase: Yeah. And something that was pointed out in the stories about this, which like you said, it’s been written up in BleepingComputer and Ars Technica, anywhere you’d expect. Something that was pointed out is that this type of sort of memory integrity challenge has been around for CPUs for a long time and they have mitigations essentially. There’s like instruction level access controls and stuff to try and mitigate against someone exploit. It’s a physical behavior of the DRAM that allows you to cause a bit flip, which I think one of the stories about it quoted that it would reduce. It could potentially reduce model accuracy from 80% down to like 1%. So huge impact to model accuracy of yeah, AI stuff being operated on the GPU.

But also it’s like GPUs, TPUs, the sort of AI specific hardware just are not as far along the trajectory of having had enough just attacks thrown at them over time that they had to build in these kinds of mitigations. So they don’t have as mature of security baked into the hardware as CPUs do.

ECC Memory as Mitigation

Paul: It sounds like, based on Nvidia’s guidance that they’ve published on this, that the DRAM in the GPUs supports ECC or error correction and that enabling this is a mitigation for the attack. I’m not sure if you take a performance hit with ECC. I mean, on these cards you probably wouldn’t really notice that. I mean, if you run a large AI model maybe, but there is a performance hit for that ECC, right?

Vlad: So, yes, yes and no. Like if you enable ECC RAM in a game, for example, which was done by, I believe, LinusTechTips, you will not see any impact whatsoever on performance. But, there is a huge, huge but. AI is actually dependent on DRAM a lot more than it is dependent on actual GPU chip performance. Like, believe it or not, but as far as I have seen, it really depends on DRAM by large margin. So enabling ECC RAM might affect performance there, but it depends a lot on how good your throughput of that memory will be.

Chase: The stories reporting on this are speculating like up to 10% performance impact from enabling ECC, which seems bad to me. I mean, context is everything, but I don’t want a 10% performance impact on anything I’m doing.

Paul: Well, I think on most workstations you’re probably not going to notice, but on a large AI workload, ten percent, you probably will notice, right?

Vlad: You will. Yeah, if your AI workload already takes a day, it will suddenly take two or three extra hours, and that might be a lot.

Consumer vs Enterprise Impact

Vlad: Yeah, like, and again, in consumer hardware, you’re not as worried about the 10% because 99% of the time, you’re not even using it to full potential. Like if you have something like a 4090 and you run a game, you might be utilizing like one third of your GPU. So even if you enable it there, good luck feeling any difference, maybe except for like absolute top tier games that absolute ultra settings on 4K screen and whatnot. Yeah, maybe you will feel it there, but aside of that case. But for AI, sure.

Paul: But these were, I think it, yeah, Nvidia I think listed like Blackwell GPUs as also being, so it’s all their AI-specific hardware that’s also vulnerable to this as well. So whether you’re gaming or whether you’re doing AI, you know, training models, you’re going to want to pay attention to this and, you know, do some testing, but certainly consider enabling ECC to prevent against this attack. So

Vlad: I mean, AI specific chips in this case are just binned chips from the same production line, I guess. Like, hey, this chip for AI is just a better version, with less broken stuff than it is a 5090 or whatever, right? So it’s not a separate pipeline of the push-outs chip specifically for AI, and suddenly it’s not vulnerable. No, it’s the same chip. Like it just… bin them based on how many live transistors are there and how well it handles the load.


Conclusion and Recommendations

Paul: So yeah, make sure you check if ECC is enabled on your GPUs. Nvidia has instructions on how to do that, how to check, and also how to enable it on your system. I think we’re working on a check. It’s not an indication that you’re necessarily vulnerable, but if you have one of these products and you don’t have ECC enabled, it’s a finding, certainly. It’s not definitive proof that you’re either vulnerable or succumbing to a threat, it is an indication of a security control that you should probably consider.

So awesome. Anything else that you guys wanted to add this week on any of the three topics that we talked about?

Vlad: Not really. I think that’s pretty much it.

Paul: Well, fantastic. Thank you everyone for listening and watching this edition of Below the Surface. That concludes this episode, and we’ll see you next time.

Chase: Thanks guys.

Key Takeaways

  1. Shadow IT Proliferation: Netgear devices commonly enter enterprise networks through unofficial channels like emergency purchases at Best Buy or through mergers and acquisitions, creating blind spots in security monitoring.
  2. APT Targeting: Nation-state actors and ransomware groups are actively exploiting Netgear vulnerabilities, with eight CVEs currently on the CISA Known Exploited Vulnerabilities list, primarily affecting end-of-life devices.
  3. Security Evolution: Netgear has significantly improved their security posture since 2022, implementing a comprehensive bug bounty program and addressing obvious vulnerabilities in newer firmware releases.
  4. UEFI Supply Chain Gaps: Binary Ninja discovered vulnerabilities affecting over 500 Gigabyte motherboards where the company failed to apply upstream AMI security fixes, highlighting supply chain communication breakdowns.
  5. Consumer vs Enterprise Security: Consumer-focused manufacturers like Gigabyte and MSI lag behind enterprise vendors (Dell, HP, Lenovo) in long-term security support and supply chain transparency programs.
  6. UEFI Monitoring Complexity: Detecting UEFI changes requires sophisticated tooling since legitimate variables change frequently while malicious binary modifications are harder to distinguish without proper analysis.
  7. Gaming to AI Pipeline: The evolution from gaming hardware to crypto mining to AI infrastructure creates unexpected security implications, with gaming anti-cheat requirements driving secure boot adoption.
  8. GPU Security Immaturity: Graphics processing units lack the mature security mitigations found in CPUs, making them vulnerable to row hammer attacks that can reduce AI model accuracy from 80% to 1%.
  9. ECC Performance Trade-offs: Enabling error correction on GPU memory to prevent row hammer attacks may cause up to 10% performance degradation, significantly impacting AI workloads that rely heavily on memory throughput.
  10. Architecture Standardization: The industry shift from MIPS to ARM processors in IoT devices provides attackers with a more standardized platform and better tooling support for exploitation.

Episode Length: Approximately 48 minutes