5 Years After the Equation Group HDD Hacks, Firmware Safety Nonetheless Sucks

WAV Audio Files Are Now Being Used To Hide Malicious Code

In a report revealed right now, Eclypsium, a cyber-security agency specialised in firmware safety, says that the problem of unsigned firmware continues to be a widespread downside amongst system and peripheral manufactures. From a report: In response to researchers, many system makers nonetheless do not signal the firmware they ship for his or her elements. Moreover, even when they signal a tool’s firmware, they do not implement checks for the firmware signature each time the driving force/firmware is loaded, however solely throughout set up. Researchers say this leaves the door open for malicious actors to tamper with native firmware after it has been put in with a view to plant persistent and almost invisible malware on consumer gadgets. To show their level, of their report, the Eclypsium group disclosed vulnerabilities in 4 varieties of peripheral firmware — for touchpads/trackpads, cameras, WiFi adapters, and USB hubs. “Apple performs signature verification on all information in a driver package deal, together with firmware, every time earlier than they’re loaded into the system, to mitigate this sort of assault,” the Eclypsium group mentioned. “In distinction, Home windows and Linux solely carry out this sort of verification when the package deal is initially put in.” However whereas some may be fast in charge the working methods for not implementing a stricter firmware signing apply, the Eclypsium group is just not on this boat.

Learn extra of this story at Slashdot.