Five Years After the Equation Group HDD Hacks, Firmware Security Still Sucks
In a report published today, Eclypsium, a cyber-security firm specialized in firmware security, says that the issue of unsigned firmware is still a widespread problem among device and peripheral manufactures. From a report: According to researchers, many device makers still don't sign the firmware they ship for their components. Furthermore, even if they sign a device's firmware, they don't enforce checks for the firmware signature every time the driver/firmware is loaded, but only during installation. Researchers say this leaves the door open for malicious actors to tamper with local firmware after it's been installed in order to plant persistent and nearly invisible malware on user devices. To prove their point, in their report, the Eclypsium team disclosed vulnerabilities in four types of peripheral firmware -- for touchpads/trackpads, cameras, WiFi adapters, and USB hubs. "Apple performs signature verification on all files in a driver package, including firmware, each time before they are loaded into the device, to mitigate this type of attack," the Eclypsium team said. "In contrast, Windows and Linux only perform this type of verification when the package is initially installed." But while some might be quick to blame the operating systems for not enforcing a stricter firmware signing practice, the Eclypsium team is not on this boat.
from Slashdot https://ift.tt/2HvY2Um
Read more of this story at Slashdot.
from Slashdot https://ift.tt/2HvY2Um
Related Posts :
Apple Planning Switch To Randomized Serial Numbers Starting This Year- White House Reportedly Plans To Name Amazon Foe Lina Khan To FTC
- The World Needs Syringes. He Jumped In To Make 5,900 Per Minute.
- Universe's Oldest Known Quasar Discovered 13 Billion Light-Years Away
- China Debuts Train Prototype That Can Hit Speeds of 385 Miles Per Hour
0 Response to "Five Years After the Equation Group HDD Hacks, Firmware Security Still Sucks"
Post a Comment