This Week In Hardware Security 1/18/19

Bringing you the latest in Hardware Security every week!

AMD CEO: Security Flaws 'A Wakeup Call' for Chip Makers

"“We can never say that we’ve caught everything,” the CEO cautioned. But AMD is plowing plenty of resources into engineering more secure hardware and software on a product roadmap that extends several years into the future."

http://fortune.com/2019/01/08/amd-ceo-lisa-su-meltdown-spectre/

BlackBerry wants to make the internet of things safe for you

"On Sunday, the smartphone maker launched three products designed to make internet-connected devices more secure from hacking. It plans to license the products to companies making internet-of-things devices like smart light bulbs, refrigerators and TVs as well as devices used in factories."

https://www.cnet.com/news/blackberry-wants-to-make-the-internet-of-things-safe-for-you/

  

Want More Hardware Security News? Sign Up For Our Mailing List!

This Week In Hardware Security 1/4/19

Super Micro Says Third-Party Test Found No Malicious Hardware

"Super Micro Computer Inc. said an independent test found no malicious hardware in its motherboards. The conclusion follows previous denials of a Bloomberg Businessweek magazine report that said Chinese intelligence services inserted malicious components in the company’s server motherboards during the manufacturing process."

https://www.bloomberg.com/news/articles/2018-12-11/super-micro-says-third-party-test-found-no-malicious-hardware

The Elite Intel Team Still Fighting Meltdown and Spectre

"A year ago today, Intel coordinated with a web of academic and independent researchers to disclose a pair of security vulnerabilities with unprecedented impact. Since then, a core Intel hacking team has worked to help clean up the mess—by creating attacks of their own."

https://www.wired.com/story/intel-meltdown-spectre-storm/

  

This Week In Hardware Security 12/12/18

Security and RISC-V

"Tortuga’s whole objective is security, particularly against side-channel attacks, so they should be able to add real value to the committee… When they’re aligned with the standard, their tools and IP should become attractive in guiding design for anyone implementing or using RISC-V."

https://www.semiwiki.com/forum/content/7873-security-risc-v.html

DOD Expands ‘Hack the Pentagon’ to Include Hardware, Physical Systems

"The expanded program, which the DOD announced in late October, indicates that the bug bounty programs have been successful and that the Pentagon is willing to allow private sector companies to review vulnerabilities in more sensitive IT systems."

https://fedtechmagazine.com/article/2018/12/dod-expands-hack-pentagon-include-hardware-physical-systems

Hacker talks to Arizona man through the Nest security camera in his home

"Andy Gregg was in his back yard a few weeks ago when he heard a voice he didn't recognize inside his house… The source of the voice surprised him: It was coming from a Nest Cam IQ security camera in his front window."

https://www.usatoday.com/story/tech/2018/12/10/phoenix-man-hacker-broke-talked-nest-security-cam-home/2262816002/

  

This Week in Hardware Security 11/21/18

Enterprise Security: Major Flaws Found in Bluetooth Chips

"Two serious chip-level vulnerabilities that could potentially put "millions" of enterprise access points at risk were discovered last week by researchers at security firm Armis. The security flaws could allow hackers to gain access to networks completely undetected."

https://securitytoday.com/articles/2018/11/05/major-security-flaw-found-in-bluetooth-chips.aspx

Don’t trust your hardware: Why security vulnerabilities affect us all

"A few weeks ago, Bloomberg reported that China was spying on American tech firms, including Apple and Amazon, by installing secret microchips on server boards during the production process. These hardware trojans are, like the Greek horse used to sneak in soldiers, designed to appear harmless while in actuality they perform secret malicious operations."

https://theconversation.com/dont-trust-your-hardware-why-security-vulnerabilities-affect-us-all-105773

Solving Spectre and Meltdown may ultimately require an entirely new type of processor

"How to identify and fix execution bugs like Spectre and Meltdown has been a burning topic among microprocessor buffs this year. At Hot Chips, one of the industry’s premier academic conferences on microprocessors, experts agreed that the ultimate solution to solving them may require, yes, a lot more talk."

https://www.pcworld.com/article/3299477/components-processors/solving-spectre-and-meltdown-may-ultimately-require-an-entirely-new-type-of-processor.html

  

This Week in Hardware Security 10/24/18

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

"The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources."

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies


THE TINY CHIP THAT POWERS UP PIXEL 3 SECURITY

"The Titan M chip may be small and discreet, but it helps make the Pixel 3 and its beefier sibling, the Pixel 3 XL, among the most secure smartphones you can buy."

https://www.wired.com/story/google-titan-m-security-chip-pixel-3/

HTC'S 'BLOCKCHAIN PHONE' LAUNCHES AS A WILD EXPERIMENT

"“The first step is to empower and educate the consumer to own their own keys,” says Phil Chen, HTC’s decentralized chief officer, referring to the cryptographic keys that allow you to access your cryptocurrencies. “From there, that will help expand the blockchain ecosystem and lead to people owning their own data and digital property in the near future.”"

https://www.wired.com/story/htc-exodus-1-blockchain-phone/

  

This Week in Hardware Security 09/24/18

Intel releases firmware update for ME flaw

"Identified as CVE-2018-3655, and with updates now released, the issue affects firmware versions: 11.0 through 11.8.50; 11.10 through 11.11.50; 11.20 through 11.21.51; Intel Server Platform Services firmware version 4.0 (on Purley and Bakerville only); and Intel TXE version 3.0 through 3.1.50."

https://nakedsecurity.sophos.com/2018/09/18/intel-releases-firmware-update-for-me-flaw/


Peekaboo vulnerability exposes hundreds of thousands of security cameras to hacking

"A new vulnerability discovered in firmware from NUUO Inc. allows malicious actors to view and tamper with video surveillance recordings, according to researchers from security firm Tenable Inc."

https://siliconangle.com/2018/09/17/peekaboo-vulnerability-exposes-hundreds-thousands-security-cameras-hacking/

  

This Week in Hardware Security 09/17/18

Researchers hack and steal a Model S; Tesla says vulnerability now fixed

"Two Belgian security experts discovered an encryption flaw that let them drive away in a Tesla Model S without busting any glass or cutting any wires."

https://www.digitaltrends.com/cars/researchers-use-encryption-flaw-to-hack-and-steal-a-tesla-model-s/


Security flaw can leak Intel ME encryption keys

"Chipmaker Intel has released firmware updates on Tuesday for a security flaw that can allow an attacker to recover, modify, or delete data stored on Intel's CPU chip-on-chip system."

https://www.zdnet.com/article/security-flaw-can-leak-intel-me-encryption-keys/

  

This Week in Hardware Security 08/14/18

Hacker Finds Hidden 'God Mode' on Old x86 CPUs

"Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9)."

https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html


Samsung Galaxy S7 smartphones vulnerable to hacking: researchers 

"Samsung’s Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that has put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters."

https://www.reuters.com/article/us-cyber-conference-samsung-elec/samsung-galaxy-s7-smartphones-vulnerable-to-hacking-researchers-idUSKBN1KT0NL

 

Elaborate hack turned Amazon Echo speakers into spies

"They've disclosed an attack on the Echo that uses both a modified speaker and a string of Alexa web interface vulnerabilities to remotely eavesdrop on regular models. It sounds nefarious, but it requires more steps than would be viable for most intruders."

https://www.engadget.com/2018/08/12/amazon-echo-speaker-complicated-surveillance-hack/

 

This Week in Hardware Security 7/27/18

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

"Computer security researchers have devised a way to exploit the speculative-execution design flaws in modern processor chips over a network connection – a possibility that sounds rather more serious but may be something less than that."

https://www.theregister.co.uk/2018/07/26/netspectre_network_leak/


Update Your iPhones And Androids Now If You Don't Want Your Bluetooth Hacked 

"There’s a potentially serious vulnerability affecting Bluetooth that could lead to leaks of private data from Apple, Google and Intel-based smartphones and PCs. Patches are being made available, so concerned users should update where they can. Millions, if not hundreds of millions or billions, of devices are likely affected."

https://www.forbes.com/sites/thomasbrewster/2018/07/24/bluetooth-hack-warning-for-iphone-android-and-windows/#2a56f6537d73


Microprocessor designers realize security must be a primary concern

"Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. The best known recent examples were the chip flaws nicknamed Spectre and Meltdown that affected billions of computers, smartphones and other electronic devices."

http://theconversation.com/microprocessor-designers-realize-security-must-be-a-primary-concern-98044

 

This Week in Hardware Security 7/10/2018

Another Spectre CPU vulnerability among Intel's dirty dozen of security bug alerts today

"Intel will today emit a dozen security alerts for its products and code – including details of another vulnerability within the family of Spectre CPU flaws."

https://www.theregister.co.uk/2018/07/10/intel_security_spectre_advisories/

New RAMpage exploit revives Rowhammer attack to root Android devices 

"Now, 21 months later, many of the same researchers behind the attack, dubbed Drammer, are back to say that a large number of Android phones and tablets remain vulnerable to the rooting attacks because the patches Google deployed weren’t adequate."

https://arstechnica.com/information-technology/2018/07/new-rampage-exploit-revives-rowhammer-attack-to-root-android-devices/

Security Holes in Machine Learning And AI 

"Machine learning and AI developers are starting to examine the integrity of training data, which in some cases will be used to train millions or even billions of devices."

http://semiengineering.com/security-holes-in-machine-learning-and-ai/

 

This Week In Hardware Security 7/02/2018

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

"Intel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications."

https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/

Vulnerabilities in these IoT cameras could give attackers full control, warn researchers 

"Vulnerabilities in almost 400 models of internet connected video camera by one manufacturer could allow attackers to take remote control of devices for use as a surveillance tool with the ability to snoop on any audio or video it recorded"

https://www.zdnet.com/article/vulnerabilities-in-these-iot-cameras-could-give-attackers-full-control-warn-researchers/

 

 

This Week In Hardware Security 6/14/2018

Lazy FPU X86 Flaw Hits Intel Processors With Yet Another Major Security Vulnerability

"A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor's speculative execution technology"

https://hothardware.com/news/lazy-fpu-x86-flaw-hits-intel-processors

Apple to Close iPhone Security Hole that Law Enforcement Uses to Crack Devices 

"An update Apple is planning for its iPhone software would close a technological loophole that law enforcement agencies have exploited to gain access to information on those devices."

https://www.nytimes.com/2018/06/13/technology/apple-iphone-police.html

VPNFilter malware caught infecting Asus, D-Link, Huawei, ZTE & others

"VPNFilter malware was discovered by Cisco Talos but it got more attention when the FBI, a couple of weeks ago, seized a domain hosting botnet of 500,000 hacked IoT devices including network-access storage (NAS) devices and home and office (SOHO) routers in at least 54 countries."

https://www.hackread.com/vpnfilter-malware-infects-asus-d-link-huawei-zte/

 

 

 

This Week In Hardware Security 5/30/2018

Encryption of AMD EPYC VMs can be broken, researchers prove

"AMD EPYC server chipsets are supposed to provide a high level of security, but a German team has managed to gain control through a hypervisor exploit."

https://www.techrepublic.com/article/encryption-of-amd-epyc-vms-can-be-broken-researchers-prove/

Spectre chip security vulnerability strikes again; patches incoming

"A Google developer discovered a new way that a 'Spectre'-style check can be used to attack any computer running any operating system."

https://www.zdnet.com/article/spectre-chip-security-vulnerability-strikes-again-patches-incoming/

Researchers hack BMW cars, discover 14 vulnerabilities

"Keen Security Lab researchers have discovered fourteen vulnerabilities affecting a variety of BMW car models."

https://www.helpnetsecurity.com/2018/05/23/hack-bmw-cars/

5-year-old IoT attack resurfaces, puts millions of devices at risk

"IoT chip manufacturer Z-Wave reportedly fixed issues with its pairing process that allowed attackers to hijack internet-connected devices, but one security firm completely circumvented it."

https://www.techrepublic.com/article/5-year-old-iot-attack-resurfaces-puts-millions-of-devices-at-risk/

This Week In Hardware Security 5/22/2018

Google, Microsoft find another Spectre, Meltdown flaw

"Intel and Microsoft on Monday disclosed a newly found variant of the Spectre and Meltdown security flaws, revealing another vulnerability in chips used in hundreds of millions of computers and mobile devices. Intel is calling the new strain "Variant 4.""

https://www.cnet.com/news/intel-microsoft-reveal-new-variant-on-spectre-meltdown-chip-security-flaws/

Designing Hardware For Security

"Most attacks in the past focused on gaining access to software, but Meltdown and Spectre have changed that forever."

https://semiengineering.com/designing-hardware-for-security/

This Week in Hardware Security 5/8/2018

'Next generation' flaws found on computer processors: magazine

"Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday."

https://www.reuters.com/article/us-cyber-intel/next-generation-flaws-found-on-computer-processors-magazine-idUSKBN1I42BZ

'Design for Security' program launched by Purdue, Intel

"A new program that educates students on how to incorporate digital security in all phases of the design and manufacturing process is being launched by Intel Corp. and Purdue University."

https://www.purdue.edu/newsroom/releases/2018/Q2/design-for-security-program-launched-by-purdue,-intel.html

This Week In Hardware Security 5/1/18

Apple Is Struggling To Stop A 'Skeleton Key' Hack On Home Wi-Fi

"...an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own chips into "skeleton keys.""

https://www.forbes.com/sites/thomasbrewster/2018/04/26/skeleton-key-exploits-apple-mfi-trust/#4dfdeea1503c

Hackers have found a way to jailbreak the Nintendo Switch

"Hackers have found a way into the Nintendo Switch, possibly giving those with a high level of technical knowledge a way to run pirated games on the portable console."

https://www.washingtonpost.com/news/the-switch/wp/2018/04/24/hackers-have-found-a-way-to-jailbreak-the-nintendo-switch/?noredirect=on&utm_term=.016f58c3d86a

This Week In Hardware Security 4/23/18

Tortuga Logic to Develop Novel Hardware Security Solutions with Support from DARPA Program

"Tortuga Logic, a hardware security company with technology that identifies security vulnerabilities in semiconductor designs, today announced that it has received a contract from the Defense Advanced Research Projects Agency (DARPA) to develop additional hardware security solutions."

https://www.businesswire.com/news/home/20180404005040/en/Tortuga-Logic-Develop-Hardware-Security-Solutions-Support

Intel debuts security solutions at the silicon level

"Intel has revealed a range of new security solutions designed to protect the latest wave of new technologies."

https://www.zdnet.com/article/intel-debuts-security-solutions-at-the-silicon-level/

This Week In Hardware Security 4/2/18

First Spectre, now BranchScope — another vulnerability in Intel processors

"Researchers from four universities discovered a new vulnerability in Intel’s processors dubbed as BranchScope. The problem resides in the method a processor uses to predict where its current computational task will end, aka speculative execution. By exploiting this flaw, hackers with access to the PC could pull data stored from memory that’s otherwise inaccessible to all applications and users."

https://www.digitaltrends.com/computing/branchscope-vulnerability-intel-processors-spectre/

Windows 7 Meltdown patch opens worse vulnerability: Install March updates now

"Microsoft's early patches for Intel's Meltdown CPU vulnerability created an even bigger problem in Windows 7 that allowed any unprivileged application to read kernel memory."

http://www.zdnet.com/article/windows-7-meltdown-patch-opens-worse-vulnerability-install-march-updates-now/

‘Tamper-Proof’ Crypto Wallet Hacked by 15 Year Old

"Ledger boasts that its crypto wallet hardware is tamper-proof, however this claim appears to have fallen flat on its face after a 15-year old French hacker claimed to have successfully broken into it."

https://digit.fyi/ledger-crypto-wallet-hacked/

This Week In Hardware Security 3/26/18

Microsoft offers $250,000 bounty to prevent the next Meltdown and Spectre CPU flaws

"Microsoft is introducing a new bug bounty reward for the “speculative execution” CPU vulnerabilities that were disclosed recently. The software giant is offering up to $250,000 for bugs that are similar to the Meltdown and Spectre CPU flaws. Microsoft’s bounty will run until the end of the year, and it’s clearly designed to discover additional flaws as researchers begin to look at these types of vulnerabilities in processor designs."

https://www.theverge.com/2018/3/15/17124362/microsoft-spectre-bug-bounty-speculative-execution

AMD has fixes coming for its 13 chip vulnerabilities

"The chipmaker says the patches will arrive within a few weeks and AMD device owners shouldn’t worry about the reported flaws."

https://www.cnet.com/news/amd-has-fixes-coming-for-its-13-chip-vulnerabilities/

Hardware Backdoor Remote Hack for Automotive Connected Car CAN Bus

"Researchers Sheila Ayelen Berta and Claudio Caracciolo have created a tiny back hardware backdoor for the CAN bus, called “The Bicho”. They will be presenting it on unlucky April 13 at HITBSecConf in Amsterdam that connects to the vehicle’s OBD-II port. The pair have been called “Hack in the Box Duo.”"

http://www.autoconnectedcar.com/2018/03/hardware-backdoor-remote-hack-for-automotive-connected-car-can-bus/

This Week In Hardware Security 3/15/18

AMD allegedly has its own Spectre-like security flaws

"CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers."

https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

Former Apple security engineer’s new firm claims it will unlock any iPhone – for $15,000

"Just about a week ago, word emerged that the Israeli-based security firm Cellebrite had developed a tool which enables it to access any locked iPhone model running any iteration of iOS, including an iPhone X running iOS 11. In the wake of that revelation, Forbes relays that another security firm — a U.S. based company called Grayshift — has come up with an iOS 11 workaround of its own, albeit with some limitations."

http://bgr.com/2018/03/05/iphone-security-ios-11-solution-brute-force-passcode-guessing/
