Unsigned Firmware Puts Windows, Linux Peripherals at Risk

Researchers at firmware security company Eclypsium on Tuesday released new research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers.

Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.

The demonstration shows the attack vector that is exposed once firmware on any of these components is infected through the issues the report describes. The malware then stays undetected by any software security controls.

Unsigned firmware provides multiple pathways for malicious actors to compromise laptops and servers. That leaves millions of Windows and Linux systems at risk of firmware attacks that can exfiltrate data, disrupt operations and deliver ransomware, warned Eclypsium.

Failure to sign firmware updates put Windows and Linux devices

  • Windows & Linux Devices at Risk From Unsigned Peripheral Firmware

    Reportedly, researchers from Eclypsium have discovered how a problem in peripheral devices can put the security of entire systems at risk. Specifically, they found that unsigned firmware in peripheral devices can allow an adversary to attack Windows and Linux systems. They have shared the details of their findings in a blog post.

    As revealed, unsigned firmware in a large number of WiFi adapters, trackpads, USB hubs, and cameras impacts various enterprise devices. The researchers state that, although the problem has been known for years, many vendors paid no heed to it. Consequently, this issue makes the systems vulnerable to cyber-attacks.

"risky firmware"

  • 'Millions' of Windows, Linux system open to attack due to risky firmware

    Millions of Windows and Linux systems are vulnerable to attacks because of unsigned firmware, according to a new report from the security research group Eclypsium.

    Unsigned firmware was discovered in Wi-Fi adapters, USB hubs, touchpads and cameras used in computers made by Dell, Lenovo, HP and other laptop vendors. Those unprotected devices, often made by smaller part suppliers, are included on some of the most popular and best laptops, including the Lenovo ThinkPad X1 Carbon, HP Spectre x360 and Dell XPS 15.
