Modern Laptops and Network Cards Still Using Unsigned Firmware

  • Hardware makers' unsafe firmware update practices have once again been exposed by Eclypsium researchers.
  • Many big names in the industry do not validate firmware signatures, so an attacker could plant a modified image at any time.
  • The only segment that has adopted proper signing practices is the HDD and SSD makers.

Firmware is a special kind of software that users normally cannot touch, change, or upgrade (except in some rare cases). It sits inside the chips of our devices, handling low-level hardware control, and it is also a security liability for those who know how to exploit it. In 2015, Kaspersky Lab disclosed that a group it named the "Equation Group" had built an implant that could be written into hard disk drive firmware, giving the attackers a hidden, persistent area on the drive that survived reformatting and operating system reinstalls. When Kaspersky's findings later linked the Equation Group to the NSA, the whole world was shocked. Hardware vendors promised to implement better supply chain protection measures, and the subject was closed.

Eclypsium recently decided to revisit the situation and see whether the firmware used in today's electronics is any better than it was five years ago. What they found isn't very encouraging. More specifically, they found a plethora of devices using unsigned firmware. This means the device, and therefore its user, has no way to tell whether an update image comes from the trustworthy vendor or from a malicious third party. The types of devices that exhibit this weakness include WiFi adapters, USB hubs, trackpads, laptop cameras, and network interface cards.

Examples come from across the whole industry: the TouchPad and TrackPoint firmware found in various Lenovo laptops, the firmware that controls the cameras in HP laptops, the WiFi adapter in the Dell XPS laptop range, and even a USB hub whose firmware is distributed through the Linux Vendor Firmware Service (LVFS). Interestingly, HDD and SSD manufacturers have incorporated safer firmware update methods, most likely as a direct result of the 2015 disclosure. The rest of the industry, though, hasn't taken note of what happened back then.
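The two paragraphs above draw the line between a device that flashes whatever update image it is handed and one that checks a vendor signature first. The Go program below is an added example written for this article; it is not Eclypsium's code and not any vendor's implementation. It defines a hypothetical image format (magic, version, length, payload, then an Ed25519 signature over everything before it; the layout, the key type and all names are assumptions made here) and puts an "accept anything" loader next to a signing loader that also refuses rollback to an older version.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical firmware image layout invented for this example; no vendor's real format.
//   magic   4 bytes   "FWIM"
//   version 4 bytes   little-endian, must increase on every release
//   length  4 bytes   little-endian payload length
//   payload length bytes
//   sig     64 bytes  Ed25519 signature over magic||version||length||payload
const (
	magic  = "FWIM"
	hdrLen = 12
	sigLen = ed25519.SignatureSize
)

// Image is what a loader hands to the flashing routine once it has accepted an update.
type Image struct {
	Version uint32
	Payload []byte
}

// GenerateKeys returns a fresh Ed25519 key pair (vendor or attacker; the device trusts only the vendor's).
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// VendorSign models the vendor's release pipeline: header and payload are serialised, then signed.
func VendorSign(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	body := make([]byte, hdrLen+len(payload))
	copy(body[0:4], magic)
	binary.LittleEndian.PutUint32(body[4:8], version)
	binary.LittleEndian.PutUint32(body[8:12], uint32(len(payload)))
	copy(body[hdrLen:], payload)
	return append(body, ed25519.Sign(priv, body)...)
}

// parseHeader splits an image into version, payload and whatever trails the payload (the signature, if any).
func parseHeader(img []byte) (version uint32, payload, trailer []byte, err error) {
	if len(img) < hdrLen || string(img[:4]) != magic {
		return 0, nil, nil, errors.New("bad magic or truncated header")
	}
	version = binary.LittleEndian.Uint32(img[4:8])
	n := binary.LittleEndian.Uint32(img[8:12])
	if uint64(n) > uint64(len(img)-hdrLen) {
		return 0, nil, nil, errors.New("declared payload length exceeds image size")
	}
	end := hdrLen + int(n)
	return version, img[hdrLen:end], img[end:], nil
}

// UnsignedLoader is the behaviour Eclypsium found in the field: anything that parses gets flashed, whoever built it.
func UnsignedLoader(img []byte) (Image, error) {
	version, payload, _, err := parseHeader(img)
	if err != nil {
		return Image{}, err
	}
	return Image{Version: version, Payload: payload}, nil
}

// SigningLoader is the hardened counterpart: it holds the vendor public key (in real hardware this would
// be burned into ROM or fuses) and the installed version, and refuses anything that fails either check.
type SigningLoader struct {
	VendorPub      ed25519.PublicKey
	CurrentVersion uint32
}

func (l *SigningLoader) Load(img []byte) (Image, error) {
	version, payload, trailer, err := parseHeader(img)
	if err != nil {
		return Image{}, err
	}
	if len(trailer) != sigLen {
		return Image{}, errors.New("missing or malformed signature")
	}
	// Everything before the signature is what the vendor signed; verify before trusting any field.
	if !ed25519.Verify(l.VendorPub, img[:len(img)-sigLen], trailer) {
		return Image{}, errors.New("signature does not verify under the vendor key")
	}
	// A valid signature is not enough: an old, genuinely signed image may carry a known bug.
	if version <= l.CurrentVersion {
		return Image{}, fmt.Errorf("rollback refused: image version %d is not newer than installed %d", version, l.CurrentVersion)
	}
	l.CurrentVersion = version
	return Image{Version: version, Payload: payload}, nil
}

func main() {
	vendorPub, vendorPriv := GenerateKeys()
	_, attackerPriv := GenerateKeys()
	dev := &SigningLoader{VendorPub: vendorPub, CurrentVersion: 1}
	// Constructed sample images; a real one would be the whole controller firmware.
	for _, s := range []struct{ name string; img []byte }{
		{"vendor", VendorSign(vendorPriv, 2, []byte("vendor build 2"))},
		{"attacker", VendorSign(attackerPriv, 3, []byte("implant"))},
	} {
		_, err := UnsignedLoader(s.img)
		fmt.Printf("unsigned loader, %-8s image: err=%v\n", s.name, err)
		_, err = dev.Load(s.img)
		fmt.Printf("signing loader,  %-8s image: err=%v\n", s.name, err)
	}
}
```

Run it and the unsigned loader accepts both images, while the signing loader accepts only the vendor's and reports why it refused the attacker's. The caveat a practitioner should keep in mind: the check is only as strong as the place it runs. The verifying code and the vendor public key must themselves live in immutable storage (boot ROM or fuses); otherwise an attacker who can flash unsigned firmware simply flashes a loader without the check.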

In the video below, the Eclypsium team demonstrates intercepting BMC traffic after planting a malicious firmware version on a network card. When a component performs no validation, which, as we saw, is still the norm, an attacker can load any code they want onto it and have it run without restriction. Because the firmware runs at such a low and fundamental level, a skilled attacker could deepen their foothold on a system by bypassing every protection that runs above it, including anti-virus and anti-malware solutions and even firewalls.
