Below The Surface: July Firmware Threat Report from Eclypsium

Vulnerable firmware in the server supply chain, protecting traveler laptops & FISMA compliance.

View in browser

Eclypsium Threat Report—July 2019

Vulnerable Firmware in the Supply Chain of Enterprise Servers

New research from Eclypsium shows how BMC firmware vulnerabilities in the supply chain of major server manufacturers put customers at risk of data loss and attack. Weaknesses in a BMC firmware supplier affected at least 8 server manufacturers, highlighting a problem that is industry-wide. As attackers and nation-states target higher-value assets, BMC and other firmware inside critical servers provide a particularly strategic target, which can be used to irrevocably “brick” the server and its contents.

FISMA Compliance: Firmware Security Best Practices

Firmware security is a key element of a modern security program, and a requirement for FISMA compliance. This white paper provides practical guidance on how to comply with FISMA and build a stronger security program.

DOWNLOAD NOW >

Mind The Gap: Protecting Traveler Laptops From Common CyberSecurity Threats

Typical security measures are inadequate to deal with firmware and hardware level attacks that can compromise laptops in minutes, and persist undetected after reimaging. Learn how to protect IT assets in high-risk countries from firmware implants and backdoors.

COMING AT DEF CON 27 • SATURDAY, AUG 10 @ 15:00

Get off the Kernel if You Can’t Drive

Eclypsium’s Jesse Michael and Mickey Shkatov reveal security vulnerabilities in kernel mode drivers that can bypass and disable Windows protection mechanisms.

SEE IT LIVE >

Industry Research and News:

Another Week, Another Vulnerable NAS Device
“There is a clear trend of hackers starting to focus on storage. We’ve seen it twice in the past few weeks, and we’ve also seen reports of data being stolen out of Amazon S3,” said Steve McDowell, a senior analyst at Moor Insights & Strategy, who advises security teams to make sure you are running the latest firmware.

The biggest cybersecurity crises of 2019 so far

The recent ASUS supply chain attack makes Wired’s list of the biggest cybersecurity events of 2019. Attackers were able to infiltrate ASUS and deliver malware via ASUS’s own Live Update Tool.

Huawei's telecom equipment is more likely to have flaws than rivals' claims report

A recent analysis of Huawei networking infrastructure finds that the vendor’s products contained significantly more weaknesses that their industry peers. The report analyzed more than 500 Huawei enterprise networking products and found that over half of them contained at least one critical vulnerability. The analysis found a variety of problems ranging from embedded accounts, passwords, and keys to thousands of known vulnerabilities in embedded firmware.

RAMBleed, Reading Bits in Memory Without Accessing Them
RAMBleed is a vulnerability published recently that leverages the prior Rowhammer DRAM issue to turn it into a mechanism to leak secrets rather than modifying memory. With the Rowhammer attack, bits are more likely to flip if their neighboring rows have the opposite value. Rather than inducing bit-flips in a target memory region by hammering neighbor memory rows with writes, RAMBleed repeatedly hammers reads to neighbor rows and detects if bits in its own memory region have flipped and uses this mechanism to infer the targeted secret values.

DHS cyber director warns of surge in Iranian “wiper” hack attacks

The Director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency is warning that Iran is elevating its efforts to do damage to US interests through destructive malware attacks on industrial and government networks.

OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed
OpenSSH adds new protections for SSH private keys to protect against attacks like Spectre, Meltdown, Rowhammer, and Rambleed. This change encrypts SSH private keys while at rest within RAM so that an attacker would not be able to use a key leaked via a side channel attack.

How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Ryuk Ransomware is a recent family of ransomware known for targeting enterprises and critical infrastructure and for charging exceedingly high ransoms of $100k or more. In addition to encrypting data, the malware corrupts firmware to disable victim systems if the malware is interrupted during the encryption process.

Security Research and Advisories

Intel Patches High-Severity Flaw in Processor Diagnostic Tool
UnNamed RE Podcast - Reverse engineering cars, server BMCs and more with Eclypsium's Rick Altherr
Intel NUC Firmware Advisory Six security vulnerabilities in system firmware
Multiple vulnerabilities in SanDisk X600 SATA SED SSD
Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys
Some AMD CPUs Might Lose RdRand Randomness Following Suspend/Resume
AMD-SEV: Platform DH key recovery via invalid curve attack
Logitech wireless USB dongles vulnerable to new hijacking flaws
MacBook Pro firmware update fixes T2 security chip problem
Reversing and Exploiting Broadcom Bluetooth (Recon 2019)

Tools

PSPTool is a Swiss Army knife for AMD Secure Processor firmware
Untethered cold boot exploit affects Nvidia Tegra devices
The Death Metal Suite - Coalfire shows Intel AMT can be used to mount attacks
Debug UEFI code by single-stepping your Coffee Lake-S hardware CPU

System Firmware Attack and Defense for the Enterprise

This in-depth four day training course will detail and organize objectives, attack vectors, vulnerabilities and exploits against different types of firmware such as UEFI firmware, BMC firmware, ME/AMT firmware and peripheral device firmware. The training covers mitigations as well as tools and methods available to analyze the security of such firmware components. It will also detail protections available in hardware and in the firmware such as Hardware Root of Trust, Secure Boot and Intel BootGuard technology.

LEARN MORE >

Featuring Alex Bazhaniuk and Jesse Michael of Eclypsium

August 3-6, 2019

Las Vegas, NV

Meet the Eclypsium Team at Black Hat Booth #IC 2109

Going to Black Hat? Stop by the Eclypsium booth to see version 1.5 of the Eclypsium Firmware Protection Platform in action, chat with our research team and collect your official hardware hacking coaster. Contact info@eclypsium.com to reserve a private demo or meeting time.