Schneier on Security

NOVEMBER 6, 2018

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. This challenges the view that hardware encryption is preferable over software encryption.

Encryption 246

Encryption Firmware Advertising Software 246

Schneier on Security

AUGUST 22, 2022

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “

Encryption 351

Encryption Firmware Manufacturing Software 351

Schneier on Security

JULY 26, 2024

In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.

Firmware 320

Firmware Encryption Manufacturing Passwords 320

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 141

Firmware Telecommunications System Administration Malware 141

Schneier on Security

NOVEMBER 6, 2023

The capabilities generally required expensive SDRs­—short for software-defined radios­—that, unlike traditional hardware-defined radios, use firmware and processors to digitally re-create radio signal transmissions and receptions.

Firmware 311

Firmware Hacking Software 311

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware 145

Firmware Malware System Administration Technology 145

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

Schneier on Security

JULY 11, 2019

If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions : Start with your bulb off for at least 5 seconds.

Firmware 256

Firmware Software 256

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware 133

Firmware IoT Architecture Manufacturing 133

Bleeping Computer

JANUARY 14, 2024

GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [.]

Firmware 108

Firmware Software Mobile 108

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware 359

Firmware Passwords Internet Internet 359

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. The Barracuda Email Security Gateway (ESG) 900 appliance.

Firmware 347

Firmware Malware Software Ransomware 347

Schneier on Security

MARCH 8, 2023

These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface —the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right.

Malware 266

Malware Firmware Software Hacking 266

Schneier on Security

SEPTEMBER 24, 2018

The protection works by creating a simple check between an operating system and a computer's firmware, the fundamental code that coordinates hardware and software for things like initiating booting. If the computer shuts down normally, the operating system wipes the data and the flag with it.

Firmware 227

Firmware Encryption Software 227

Schneier on Security

FEBRUARY 19, 2021

Nonetheless, all but one vendor spread several private keys in almost all firmware images. Additionally, our evaluation showed that large scale automated security analysis of embedded devices is possible today utilizing just open source software. Anyhow, they are used quite rarely by most vendors except the NX feature.

Firmware 292

Firmware Software Engineering Internet 292

Adam Levin

MARCH 23, 2020

Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.

Firmware 219

Firmware Manufacturing Passwords Software 219

The Last Watchdog

AUGUST 26, 2024

New findings from Forescout ­– Vedere Labs , the industry leader in device intelligence, and Finite State , an industry leader in software supply chain security, emphasize the critical state of software supply chains in OT and IoT routers, revealing widespread vulnerabilities.

Firmware 100

Firmware IoT Manufacturing Cyber Risk 100

Security Boulevard

JUNE 8, 2023

A recent firmware snafu discovered in more than 400 computer motherboard models produced by Gigabyte offers some powerful lessons to guardians of software supply chains. The post The Gigabyte firmware backdoor: Lessons learned about supply chain security appeared first on Security Boulevard.

Firmware 96

Firmware Software 96

Schneier on Security

JUNE 28, 2021

Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe.

Firmware 296

Firmware Retail Hacking Ransomware 296

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 356

IoT Firmware Risk Manufacturing 356

Schneier on Security

OCTOBER 3, 2019

In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.].

IoT 213

IoT Firmware Data collection Architecture 213

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. ” concludes the report.

Passwords 136

Passwords Software Firmware Malware 136

The Hacker News

FEBRUARY 15, 2024

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1

Firmware 145

Firmware Engineering Software 145

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware checked for the presence of a firmware upgrade every ten seconds. The malware was able to steal user credentials and provide shell access.

Firmware 98

Firmware Malware Encryption Authentication 98

Schneier on Security

MAY 12, 2020

Ruytenberg says there's no easy software fix, only disabling the Thunderbolt port altogether. That opens a new avenue to what the security industry calls an "evil maid attack," the threat of any hacker who can get alone time with a computer in, say, a hotel room.

Firmware 252

Firmware Manufacturing Encryption Hacking 252

Krebs on Security

APRIL 26, 2019

The security flaws involve iLnkP2P , software developed by China-based Shenzhen Yunni Technology. The security flaws involve iLnkP2P , software developed by China-based Shenzhen Yunni Technology. A Webcam made by HiChip that includes the iLnkP2P software.

IoT 275

IoT Firewall Manufacturing Computers and Electronics 275

Malwarebytes

JUNE 13, 2024

Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device.

Firmware 144

Firmware Spyware Mobile Software 144

Security Boulevard

OCTOBER 8, 2024

In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis. The post BTS #39 – The Art of Firmware Scraping – Edwin Shuttleworth appeared first on Security Boulevard.

Firmware 64

Firmware IoT Software 64

The Hacker News

JANUARY 31, 2023

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product.

Software 96

Software Firmware Engineering 96

Malwarebytes

NOVEMBER 10, 2021

They can all be obtained from software – including per-console root key, if you look hard enough! Fail0verflow announced they were able to retrieve all PS5 symmetric root keys, including a per-console root key, from the firmware itself. A root key is used to decrypt and reverse engineer the console’s firmware.

Hacking 141

Hacking Firmware Retail Engineering 141

Penetration Testing

FEBRUARY 19, 2024

Recently, Intel disclosed a total of 34 security vulnerabilities, encompassing 32 software issues and 2 firmware issues.

Penetration Testing 135

Penetration Testing Firmware Software 135

Security Affairs

JUNE 27, 2022

CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven 11 vulnerabilities in its ICS Automation Software. SecurityAffairs – hacking, Codesys ICS Automation Software).

Software 115

Software Manufacturing Firmware Risk 115

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 136

Firmware Wireless Passwords Internet 136

The Hacker News

JULY 18, 2022

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. Further, the software was a malware

Passwords 130

Passwords Firmware Engineering Software 130

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware 144

Firmware Authentication Hacking Software 144

Dark Reading

APRIL 28, 2023

Software bugs are ubiquitous, and we're familiar with hardware threats. But what about the gap in the middle? Two researchers at Black Hat Asia will attempt to focus our attention there.

Firmware 99

Firmware Cybersecurity Software 99

Security Affairs

NOVEMBER 9, 2024

.” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. The study focused on the latest software version (74.00.324A), but experts believe that earlier versions (at least 70.x) x) may also be vulnerable.

Hacking 136

Hacking Firmware Software Manufacturing 136