This Week In Hardware Security 12/6/17


Bringing you the latest in Hardware Security every week!

5 Pitfalls That May Kill The IoT (Security is #1!)

"Many things could trip up the predicted explosion of connected devices, but the hurdles aren’t insurmountable."

https://semiengineering.com/the-five-pitfalls-that-may-kill-the-iot/

Computer vendors start disabling Intel Management Engine

"Intel has admitted that its in-chip Intel Management Engine program has major security holes. Some PC vendors are now disabling Management Engine to protect their customers."

http://www.zdnet.com/article/computer-vendors-start-disabling-intel-management-engine/

Want More Hardware Security News? Sign Up For Our Mailing List!

This Week In Hardware Security 11/30/17

Bringing you the latest in Hardware Security every week!

Intel Chip Flaws Leave Millions of Devices Exposed

"Security researchers have raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible."

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/

Newly Revealed Flaw Could Subject IoT Devices to Airborne Attacks

"Billions of voice-activated Internet of Things devices may be subject to external attack due to BlueBorne vulnerabilities, Armis revealed on Wednesday."

https://www.technewsworld.com/story/84963.html

This Week In Hardware Security 11/17/17

Bringing you the latest in Hardware Security every week!

Tortuga Logic raises $2 million to build chip-level security systems

"Tortuga Logic has raised $2 million in seed funding from Eclipse Ventures to help in their effort to maintain chip-level system security."

https://techcrunch.com/2017/11/16/tortuga-logic-raises-2-million-to-build-chip-level-security-systems/

Security vulnerability in IoT cameras could allow remote control by hackers

"Newly uncovered vulnerabilities in a popular brand of indoor internet-connected cameras could be exploited by attackers in order to gain complete control of the device."

http://www.zdnet.com/article/security-vulnerability-in-iot-cameras-could-allow-remote-control-by-hackers/

Security Firm Says Extremely Creepy Mask Cracks iPhone X's Face ID

"Less than a week after the iPhone X release, a Vietnamese security firm says it has done what others couldn't — trick the phone's facial recognition software. How? One very creepy mask."

https://www.npr.org/sections/thetwo-way/2017/11/13/563741014/security-firm-says-extremely-creepy-mask-cracks-iphone-xs-face-id

This Week In Hardware Security 11/8/17

Bringing you the latest in Hardware Security every week!

Eir replaced thousands of faulty modems over security worries

"20,000 modems were replaced by Eir after an investigation by the Data Protection Commissioner."

https://www.siliconrepublic.com/enterprise/eir-modems-replacements

Security Solutions Dominate Arm TechCon

"The hot topic at this year’s Arm TechCon conference was security, and Arm was not the only one hawking its wares."

http://www.electronicdesign.com/industrial-automation/security-solutions-dominate-arm-techcon

This Week In Hardware Security 11/1/17

Bringing you the latest in Hardware Security every week!

Latest IoT DDoS Attack Could Affect Millions of Users Worldwide

"Cybersecurity experts warned that the Reaper Botnet can compromise all internet-connected devices."

https://koddos.net/blog/latest-iot-ddos-attack-affect-millions-users-worldwide/

Security flaw in LG IoT software left home appliances vulnerable

"LG has updated its software security after researchers found flaw that left dishwashers, washing machines, air conditioners, and even a robot vacuum cleaner accessible by hackers."

http://www.zdnet.com/article/security-flaw-in-lg-iot-software-left-home-appliances-vulnerable/

This Week In Hardware Security 10/25/17

Bringing you the latest in Hardware Security every week!

‘Unhackable’ electronic chip being developed in Abu Dhabi

"New York University Abu Dhabi researcher says the chip, which could be used in phones, is the first prototype to have security features built into the hardware and he is inviting hackers to try to break the code."

https://www.thenational.ae/uae/unhackable-electronic-chip-being-developed-in-abu-dhabi-1.669284

ARM unveils plan to secure the “internet of things” inside the chip

"U.K.-based chip designer ARM Ltd. today unveiled its vision for protecting more than a trillion connected devices, with security embedded deep into the silicon that powers them."

https://siliconangle.com/blog/2017/10/23/arm-unveils-platform-security-architecture-secure-internet-things/

This Week In Hardware Security 10/18/17

Bringing you the latest in Hardware Security every week!

Researchers warn of Infineon security chip flaw

"Researchers have published the discovery of a key generation flaw in security chips produced by Infineon Technologies since at least 2012 and which allows attackers to turn a public RSA cryptographic key into its private half."

https://www.bit-tech.net/news/tech/software/researchers-warn-of-infineon-security-chip-flaw/1/

Wi-Fi encryption can be hacked and anyone can spy on your internet activity

"The encrypted WPA2 protocol was just breached, putting at risk everyone who uses wireless internet at home or abroad."

http://bgr.com/2017/10/16/wi-fi-krack-hack-wpa2-encryption/

Xilinx Kicks Off 2017 Security Working Group Series Addressing the Latest Topics on Hardware Security in Embedded Applications

"Xilinx, Inc. (XLNX) kicked off its annual Xilinx Security Working Group (XSWG) workshop series today in Longmont, Colorado with additional dates scheduled in Washington D.C., Paris and Munich. "

https://www.broadwayworld.com/bwwgeeks/article/Xilinx-Kicks-Off-2017-Security-Working-Group-Series-Addressing-the-Latest-Topics-on-Hardware-Security-in-Embedded-Applications-20171017

 

This Week In Hardware Security 10/11/17

Bringing you the latest in Hardware Security every week!

'Crypto Anchors' Might Stop the Next Equifax-Style Megabreach

"Firewalls, intrusion detection systems, and even encryption haven't kept hackers out of hoards of data like the ones stolen in the catastrophic breaches of Equifax or Yahoo. But now, some Silicon Valley firms are trying a deeper approach, building security into the basic design of how data moves between a company's servers."

https://www.wired.com/story/crypto-anchors-breach-security/

Hack-Vulnerable Voting Machines a 'National Security Threat,' Experts Warn

"A new report breaks down the lessons learned at the DEF CON 25 hacking conference, which amounted to a concentrated attack—orchestrated in the name of public safety—on the programming and machinery used in U.S. elections."

http://www.newsweek.com/hacking-defcon-voting-machines-technology-software-eac-russia-meddling-681759

 

This Week in Hardware Security 10/4/17

Bringing you the latest in Hardware Security every week!

Security-Oblivious Design Makes TrustZone Vulnerable to Attack

"Many automotive SoCs take advantage of ARM’s TrustZone. But researchers at Columbia Univ. succeeded in attacking a security-oblivious design by compromising the DVFS SoC support."

http://www.electronicdesign.com/automotive/security-oblivious-design-makes-trustzone-vulnerable-attack

FBI won’t have to reveal details on iPhone hacking tool used in San Bernardino case

"A federal court ruled yesterday that the FBI does not have to disclose either the name of the vendor used or price the government paid to hack into the iPhone 5C."

https://www.theverge.com/2017/10/1/16393074/apple-iphone-fbi-hacking-tool-san-bernardino-case-secret-court-order

 

This Week in Hardware Security 9/27/17

Bringing you the latest in Hardware Security every week!

CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features

"A team of three scientists from Columbia University has discovered that by attacking the combo of hardware and software management utilities embedded with modern chipsets, threat actors can take over systems via an attack surface found in almost all modern electronic devices."

https://www.bleepingcomputer.com/news/security/clkscrew-attack-can-hack-modern-chipsets-via-their-power-management-features/

'Smart' Hospital IV Pump Vulnerable To Remote Hack Attack

"...security researchers have discovered eight vulnerabilities in a syringe infusion pump used by hospitals to help administer medication to patients intravenously."

https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml

 

This Week in Hardware Security 9/20/17

Bringing you the latest in Hardware Security every week!

New Bluetooth vulnerability can hack a phone in 10 seconds

"Security company Armis has found a collection of eight exploits, collectively called BlueBorne, that can allow an attacker access to your phone without touching it. The attack can allow access to computers and phones, as well as IoT devices."

https://techcrunch.com/2017/09/12/new-bluetooth-vulnerability-can-hack-a-phone-in-ten-seconds/

Second Researcher Drops Router Exploit Code After D-Link Mishandles Bug Reports

"Embedi, a hardware security firm, has published details about two vulnerabilities that have yet to be patched in the firmware of D-Link routers. This marks the second incident of this sort in the last five days."

https://www.bleepingcomputer.com/news/security/second-researcher-drops-router-exploit-code-after-d-link-mishandles-bug-reports/

Risky Routers? New Malware Attacks Leverage Popular Hardware by Proxy

"Hardware is now a top-tier threat vector for cybercriminals. Internet of Things (IoT) devices are leading the charge, since many lack basic security protections but have almost unlimited access to network resources. "

https://securityintelligence.com/news/risky-routers-new-malware-attacks-leverage-popular-hardware-by-proxy/

NEW whitepaper - "Verifying Security at the Hardware/Software Boundary"

We have a new whitepaper that describes:

• That Hardware Security review is a time-consuming and unreliable process

• How the inclusion of boot code can exacerbate the complexity of Hardware Security review

• The landscape of known Hardware Security threats

• How Unison, Tortuga Logic's new Hardware Security simulation platform, can drastically decrease the time it takes to perform security review at the hardware/software boundary

Click here to download!

Security Vulnerability Found in Haswell Line of Intel Processors

"It also highlights the need for CPU designers to be aware of security as part of the design of new processors."

Researchers have discovered a flaw in a fairly new line of Intel processors that can allow the bypass of a key security mechanism built into the majority of operating systems. 

Read more here - http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/

The Headaches of being a SoC Security Architect

A modern System-on-Chip (SoC) has a wide array of very strict and difficult-to-verify security properties. Locking critical configuration or key registers, correctly implementing interconnect access control rules, and general configuration during system boot are issues that pain just about every SoC Security Architect. They spend hours reviewing documentation from the verification teams and discussing these issues with separate product security teams. The end result is a process that consumes an enormous amount of time and yields very inadequate results.

Click here to read the rest of the article.

You probably have a lot of dead hens in your hardware design

Meeting timing, keeping under power budget, delivering on time -- all aspects of hardware design are pretty easy if you just relax the constraint of being "correct"! Hardware designers of course know this and are quick to find creative and easy fixes to their problems but are of course held in check by teams of diligent testing and verification engineers providing their evaluation of correctness. Add a cycle of delay here, handle this special case there, power gate this, change the specification of that -- the success of hardware teams relies on the honest back and forth between these competing interests.  Unfortunately, as I touched on in my last blog entry, security is not covered by the traditional specifications and is completely unexamined by traditional test and verification procedures.

Read more here.

Functional Verification Will Not Save You From This Silicon Security Vulnerability

More often than not, systems are deployed every day with numerous bugs, both known and unknown. The problem in silicon security is twofold: 1) The behaviors that excite the latent vulnerabilities in designs are decidedly unnatural.  2) Most security systems are fragile. Dropping even a subset of the bits from a single key or flipping a few bits of internal state can be enough to completely subvert years of careful policy design, cryptographic cleverness, and architecture security support. 

Click here to read the rest of the article.

You Must Verify HW/SW Interactions to Avoid Security Vulnerabilities

Imagine waking up tomorrow morning only to discover that your employer's brand is all over the news for the wrong reasons. Qualcomm employees experienced that last week. Over 900 million Android devices containing a Qualcomm processor were shown to have four known security vulnerabilities, and these alarming security issues are not going to be easy to eliminate according to the press. Not exactly the news a semiconductor executive wants to read with their morning cup of coffee.

Click here to read the rest of the article.

Securing the Internet of Things Starts with Silicon

In just a few short years, connected devices of the Internet of Things (IoT) have gone from concepts to reality and as a result there are now major concerns regarding their initial development.

“As every player with a stake in IoT is well aware, security is paramount for the safe and reliable operation of IoT connected devices. It is, in fact, the foundational enabler of IoT.”1 This statement is supported by the work of researchers at the 2016 BlackHat conference where they demonstrated how to hack into smart lightbulbs, medical devices, and many other connected devices.

Click here to read the remainder of this post.
