In a report published today, Eclypsium, a cyber-security firm specialized in firmware security, says that the issue of unsigned firmware is still a widespread problem among device and peripheral manufacturers.

From a report: According to researchers, many device makers still don’t sign the firmware they ship for their components. Furthermore, even if they sign a device’s firmware, they don’t enforce checks for the firmware signature every time the driver/firmware is loaded, but only during installation. Researchers say this leaves the door open for malicious actors to tamper with local firmware after it’s been installed in order to plant persistent and nearly invisible malware on user devices.

To prove their point, in their report, the Eclypsium team disclosed vulnerabilities in four types of peripheral firmware – for touchpads/trackpads, cameras, WiFi adapters, and USB hubs. “Apple performs signature verification on all files in a driver package, including firmware, each time before they are loaded into the device, to mitigate this type of attack,” the Eclypsium team said. “In contrast, Windows and Linux only perform this type of verification when the package is initially installed.”

But while some might be quick to blame the operating systems for not enforcing a stricter firmware signing practice, the Eclypsium team is not on this boat.
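The gap between install-time and load-time verification described in the report, as an added example that is not from the report or from Eclypsium. It assumes HMAC-SHA256 with a constructed key as a stdlib-only stand-in for a vendor's asymmetric signature; `FirmwareStore` and its method names are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-in: a real vendor signs with a private key and the host
# verifies with the matching public key. HMAC keeps this example stdlib-only.
VENDOR_KEY = b"constructed-demo-key"


def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def verify(image: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(image), signature)


class FirmwareStore:
    """Models the firmware blob kept on disk plus its detached signature."""

    def __init__(self):
        self.image = self.signature = None

    def install(self, image: bytes, signature: bytes) -> None:
        # Install-time check: unsigned or mis-signed packages are refused.
        if not verify(image, signature):
            raise ValueError("rejected at install: bad signature")
        self.image, self.signature = image, signature

    def load_install_only(self) -> bytes:
        # Policy A: no re-check, whatever is on disk now goes to the device.
        return self.image

    def load_verified(self) -> bytes:
        # Policy B: re-verify the stored blob on every load.
        if not verify(self.image, self.signature):
            raise ValueError("rejected at load: image changed since install")
        return self.image


def demo():
    store = FirmwareStore()
    good = b"FWv1:" + bytes(range(16))      # constructed firmware image
    store.install(good, sign(good))
    store.image = good + b"changed"         # blob modified after installation
    loaded_modified = store.load_install_only() != good
    try:
        store.load_verified()
        caught = False
    except ValueError:
        caught = True
    return loaded_modified, caught          # (policy A loads it, policy B refuses)
```
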