Unsigned Firmware Puts Windows, Linux Peripherals at Risk

Researchers at firmware security company Eclypsium on Tuesday released new research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers.

Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.

The demonstration shows the attack vector that is exposed once the firmware on any of these components is infected through the issues the report describes. The malware stays undetected by any software security controls.

Unsigned firmware provides multiple pathways for malicious actors to compromise laptops and servers. That leaves millions of Windows and Linux systems at risk of firmware attacks that can exfiltrate data, disrupt operations and deliver ransomware, warned Eclypsium.

Failure to sign firmware updates put Windows and Linux devices

  • Windows & Linux Devices at Risk From Unsigned Peripheral Firmware

    Reportedly, researchers from Eclypsium have discovered how a problem in peripheral devices can put the security of entire systems at risk. Specifically, they found that unsigned firmware in peripheral devices can allow an adversary to attack Windows and Linux systems. They have shared the details of their findings in a blog post.

    As revealed, unsigned firmware in a large number of WiFi adapters, trackpads, USB hubs, and cameras impacts various enterprise devices. Although the problem has been known for years, the researchers state that many vendors paid no heed to it. Consequently, this issue makes the systems vulnerable to cyber-attacks.

"risky firmware"

  • 'Millions' of Windows, Linux systems open to attack due to risky firmware

    Millions of Windows and Linux systems are vulnerable to attacks because of unsigned firmware, according to a new report from the security research group Eclypsium.

    Unsigned firmware was discovered in Wi-Fi adapters, USB hubs, touchpads and cameras used in computers made by Dell, Lenovo, HP and other laptop vendors. Those unprotected devices, often made by smaller part suppliers, are included on some of the most popular and best laptops, including the Lenovo ThinkPad X1 Carbon, HP Spectre x360 and Dell XPS 15.
