Windows, Linux Devices at Risk Due to Unsigned Peripheral Firmware (Feb 18, 2020)

Eclypsium researchers have identified unsigned firmware in computer peripherals that can be abused by threat actors to attack Linux and Windows machines. These peripherals include cameras, trackpads, USB hubs, and Wi-Fi adapters found in multiple popular machines. Abusing the firmware of a hard drive can enable an attacker to drop and run malicious code, bypassing security checks. While macOS checks firmware signatures every time the firmware is loaded, Linux and Windows only verify them during the initial installation.

Recommendation: Firmware vulnerabilities should be a priority for an organization's security, as they can lead to backdoors, data exfiltration, network sniffers and more. While firmware vulnerabilities are more difficult to detect, users should deploy automatic scanning for component vulnerabilities and misconfigurations, and keep up to date on new exploits.
