Jump to content

The Hidden Dangers Inside Windows & Linux Computers


pondus
 Share

Recommended Posts

How is it relevant to PC's, since one has to gain access to devices to update firmware

Quote -

Many components can be updated without the need for special privileges, leading  to a very simple and powerful scenario for an attack:

An attacker gains access to a device via any method, such as malware delivered via email or a malicious website, or an evil maid attack. With basic user privileges, the attacker/malware could write malicious firmware to a vulnerable component.

If the component doesn’t require the firmware to be properly signed, the attacker’s code is loaded and run by the component.

The attacker can then use the unique functionality and privileges of that component to further an attack.

Selectionshot_2020-02-20_14:46:56.png

Link to post
Share on other sites

Kind of old news, but on a similar subject:

https://www.welivesecurity.com/2017/10/19/malware-firmware-exploit-sense-security/
https://www.eweek.com/security/new-russian-malware-can-embed-itself-in-pc-firmware
https://www.kaspersky.com/blog/equation-hdd-malware/7623/

There have also been others.  I remember not too long ago a blackhat talk about infecting the firmware of hardware devices and how many hardware vendors made it quite easy due to lack of basic things like signature validation/hash verification etc. so it's nothing new and has been around as long as devices uses firmware to control them (which is pretty much forever as far as computing goes).

Link to post
Share on other sites

Sure, bad USBs, fake keyboards/keyloggers and tons of other physical dangers and infection vectors, but generally speaking the bad guys have to run some kind of code on the system to leverage any of those attack vectors, so staying clean is actually much easier as long as your outer defenses are good and you don't go picking up mysterious flash drives you find lying on the ground and go plugging them into every device that you own.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.