
Unsigned Firmware Puts Windows, Linux Peripherals at Risk


Researchers at firmware security company Eclypsium on Tuesday released new research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers.

Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.

The demonstration shows the attack vector that is exposed once firmware on any of these components is infected by way of the issues the report describes. The malware stays undetected by any software security controls.

Unsigned firmware provides multiple pathways for malicious actors to compromise laptops and servers. That leaves millions of Windows and Linux systems at risk of firmware attacks that can exfiltrate data, disrupt operations and deliver ransomware, warned Eclypsium.


Failure to sign firmware updates put Windows and Linux devices


  • Windows & Linux Devices at Risk From Unsigned Peripheral Firmware

    Researchers from Eclypsium have reportedly discovered how a problem in peripheral devices can put the security of entire systems at risk. Specifically, they found that unsigned firmware in peripheral devices can allow an adversary to attack Windows and Linux systems. They have shared the details of their findings in a blog post.

    As revealed, unsigned firmware in a large number of WiFi adapters, trackpads, USB hubs, and cameras affects various enterprise devices. Although the problem has been known for years, the researchers state that many vendors paid no heed to it. Consequently, this issue makes the systems vulnerable to cyber-attacks.

"risky firmware"

  • 'Millions' of Windows, Linux systems open to attack due to risky firmware

    Millions of Windows and Linux systems are vulnerable to attacks because of unsigned firmware, according to a new report from the security research group Eclypsium.

    Unsigned firmware was discovered in Wi-Fi adapters, USB hubs, touchpads and cameras used in computers made by Dell, Lenovo, HP and other laptop vendors. Those unprotected devices, often made by smaller part suppliers, are included on some of the most popular and best laptops, including the Lenovo ThinkPad X1 Carbon, HP Spectre x360 and Dell XPS 15.
