Level 36
Researchers have discovered multiple instances of unsigned firmware in computer peripherals that can be used by malicious actors to attack laptops and servers running Windows and Linux.

The Eclypsium researchers were able to find unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras that are actively used with computers from Dell, HP, Lenovo, and other major manufacturers according to a report shared with BleepingComputer last week.

This is a big problem since millions of such devices are directly exposed to attacks designed to abuse this flaw to harvest and exfiltrate the users' sensitive information, to trigger denial-of-service states, and infect them with various malware strains such as ransomware.

Attacks abusing firmware flaws have previously used the firmware flasher modules in Equation Group's EquationDrug and GrayFish espionage platforms since at least 2010 to replace a device's legitimate firmware with a malicious one containing malicious payloads flashed on the spot.
... ....


Level 62
Content Creator
Malware Hunter
Fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium.

TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing.

“Software and network vulnerabilities are often the more-obvious focus of organizations’ security priorities, but firmware vulnerabilities could give adversaries full control over the compromised device,” Katie Teitler, senior analyst at TAG Cyber, said via email. “This could lead to implanted backdoors, network traffic sniffing, data exfiltration and more. Unfortunately, though, firmware vulnerabilities can be harder to detect and more difficult to patch.”

Firmware for peripherals can be burned into the integrated circuit of the device itself, or the component may have its own flash memory where firmware is stored. Firmware can also be dynamically provided by the operating system at boot time. Regardless of the implementation approach, firmware is used as the device-specific operating system for the peripheral in question, and can provide criminals with a rich attack surface if found to be vulnerable.

“Many peripheral devices do not verify that firmware is properly signed with a high-quality public/private key before running the code,” explained researchers at Eclypsium, in vulnerability research released on Tuesday. “This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted. An attacker could simply insert a malicious or vulnerable firmware image, which the component would blindly trust and run.”
Last edited: