
January 2020 Firmware Threat Report



Yesterday Eclypsium published new research exposing vulnerabilities to Direct Memory Access (DMA) attacks in laptops from HP and Dell. Eclypsium researchers Mickey Shkatov and Jesse Michael demonstrated that high-speed DMA attacks can bypass hardware protections on enterprise devices. This powerful class of attacks is an industry-wide issue that threatens servers as well as laptops.

Join us for a live webinar on February 5th.

What is your line of sight to potential firmware vulnerabilities? Did you know that 2019 had the most firmware vulnerabilities ever discovered? There was a 43% rise over the previous record in 2018. This whitepaper outlines 5 questions to evaluate and improve your firmware security posture.

INDUSTRY PERSPECTIVE

FIRMWARE SECURITY RESEARCH

FIRMWARE SECURITY ADVISORIES

  • Cable Haunt is a critical vulnerability found in cable modems across the globe from different manufacturers. The vulnerability allows for remote arbitrary code execution. The vulnerability originated in reference software, which is copied by different cable modem manufacturers when creating their cable modem firmware.
  • HPE Superdome Flex Server Firmware Bundle is a critical patch for multiple remote vulnerabilities.
  • Netgear Signed TLS Cert Private Key Disclosure: There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware. The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear’s support website, without authentication; thus anyone in the world could have retrieved these keys.
  • Positive Technologies discovered a bug in the CSME on-die ROM. Specifically, security fuses can be extracted, and Mehlow and Cannon Point chipsets are affected. Intel reports that this bug is covered by CVE-2019-0090.
  • Report: Lenovo Blames USB-C Issues on Thunderbolt Firmware. Lenovo said that “USB-C issues affecting some of its ThinkPad notebooks were caused by problems with Thunderbolt firmware.” 

ADDITIONAL READING & LISTENING

  • View Uncover, Understand, Own – Regaining Control Over Your AMD CPU. Listen to how researchers reverse engineered an unknown subsystem. They looked at what the AMD Secure Processor actually is: a dedicated security subsystem that runs code you don’t know and don’t control.
  • Listen to the On the Metal podcast starring Eclypsium’s Rick Altherr. Rick discusses firmware as the latest attack vector, impossible bugs and the impact these attacks have on organizations.
  • Firmware security researcher, Daniel Maslowski, provides an introduction to developing custom and open source firmware.
  • Boot2root: Auditing Boot Loaders by Example: This talk on auditing boot loaders focuses on attack surfaces and the need for more security designers reviewing bootloaders and the related software, firmware and hardware.

FIRMWARE SECURITY WEBINARS

  • Answering your questions: join Eclypsium’s principal researchers Mickey Shkatov and Jesse Michael for a Q&A about Direct Memory Access (DMA) attacks
    • When: Wednesday, February 5, 2020 at 10 a.m. PDT.
    • What: Direct Memory Access (DMA) attacks are an industry-wide issue allowing direct access to information and kernel privileges, which can be devastating. Our research shows that enterprise-class laptops, servers, and cloud environments continue to be vulnerable to DMA attacks, even in the presence of protections. 
  • Join Eclypsium for the Anatomy of a Firmware Attack webinar 
    • When: Tuesday, March 3, 2020 at 11 a.m. PDT.
    • What: By attending this webinar you will walk away with a better understanding of the rise of firmware and hardware attacks, attacker motivations, key firmware components and their role in an attack, attack vectors, and malicious techniques. We will conclude with a case study of an in-the-wild attack.

UPCOMING ECLYPSIUM TRAINING

Eclypsium is known for its excellent training in firmware security and threat prevention. These two-day sessions teach security at the hardware and firmware levels: understanding attacks against system firmware, mitigating them, identifying vulnerabilities, and performing basic forensics on different firmware components.

Sign up for our upcoming training at CanSecWest 2020: