Quote:Peripheral devices with unsigned firmware can expose Windows and Linux machines to attacks, allowing hackers to install stealthy and persistent malware, steal valuable information, or take control of a computer.
Researchers at firmware security company Eclypsium have discovered that many peripheral device manufacturers have not implemented checks to ensure that the firmware running on their products comes from a trusted source. This can make it easy for malicious actors to install their own firmware on a device and abuse it for various purposes, and in many cases conducting an attack does not require special privileges.
Attacks can be launched against both Windows and Linux computers, including laptops and servers.
“Many peripheral devices do not verify that firmware is properly signed with a high quality public/private key before running the code. This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted,” Eclypsium wrote in a blog post published on Tuesday. “An attacker could simply insert a malicious or vulnerable firmware image, which the component would blindly trust and run.”
For example, an attacker can plant malicious firmware on a network adapter to intercept or alter traffic, and a compromised PCI device can be abused for DMA attacks, which can allow an attacker to take complete control of the targeted system. Attackers could also target cameras to spy on users, and a hard drive running malicious firmware can enable an attacker to hide malware.
It’s worth noting that some of these attacks are not just theoretical. The NSA-linked threat actor tracked as the Equation Group, for instance, has been known to target the firmware on hard drives.
Read more: https://www.securityweek.com/peripherals...rs-attacks
![[-]](https://www.geeks.fyi/images/collapse.png)
