This Week in Hardware Security 10/24/18

Comment

This Week in Hardware Security 10/24/18

Bringing you the latest in Hardware Security every week!

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

"The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources."

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies


THE TINY CHIP THAT POWERS UP PIXEL 3 SECURITY

"The Titan M chip may be small and discreet, but it helps make the Pixel 3 and its beefier sibling, the Pixel 3 XL, among the most secure smartphones you can buy."

https://www.wired.com/story/google-titan-m-security-chip-pixel-3/

HTC'S 'BLOCKCHAIN PHONE' LAUNCHES AS A WILD EXPERIMENT

"‘The first step is to empower and educate the consumer to own their own keys,” says Phil Chen, HTC’s decentralized chief officer, referring to the cryptographic keys that allow you to access your cryptocurrencies. “From there, that will help expand the blockchain ecosystem and lead to people owning their own data and digital property in the near future.’"

https://www.wired.com/story/htc-exodus-1-blockchain-phone/

  

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week in Hardware Security 09/24/18

3 Comments

This Week in Hardware Security 09/24/18

Bringing you the latest in Hardware Security every week!

Intel releases firmware update for ME flaw

"Identified as CVE-2018-3655, and with updates now released, the issue affects firmware versions: 11.0 through 11.8.50; 11.10 through 11.11.50; 11.20 through 11.21.51; Intel Server Platform Services firmware version 4.0 (on Purley and Bakerville only); and Intel TXE version 3.0 through 3.1.50."

https://nakedsecurity.sophos.com/2018/09/18/intel-releases-firmware-update-for-me-flaw/


Peekaboo vulnerability exposes hundreds of thousands of security cameras to hacking

"A new vulnerability discovered in firmware from NUUO Inc. allows malicious actors to view and tamper with video surveillance recordings, according to researchers from security firm Tenable Inc. "

https://siliconangle.com/2018/09/17/peekaboo-vulnerability-exposes-hundreds-thousands-security-cameras-hacking/

  

Want More Hardware Security News? Sign Up For Our Mailing List!

3 Comments

This Week in Hardware Security 09/17/18

Comment

This Week in Hardware Security 09/17/18

Bringing you the latest in Hardware Security every week!

Researchers hack and steal a Model S; Tesla says vulnerability now fixed

"Two Belgian security experts discovered an encryption flaw that let them drive away in a Tesla Model S without busting any glass or cutting any wires. "

https://www.digitaltrends.com/cars/researchers-use-encryption-flaw-to-hack-and-steal-a-tesla-model-s/


Security flaw can leak Intel ME encryption keys

"Chipmaker Intel has released firmware updates on Tuesday for a security flaw that can allow an attacker to recover, modify, or delete data stored on Intel's CPU chip-on-chip system. "

https://www.zdnet.com/article/security-flaw-can-leak-intel-me-encryption-keys/

  

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week in Hardware Security 08/14/18

Comment

This Week in Hardware Security 08/14/18

Bringing you the latest in Hardware Security every week!

Hacker Finds Hidden 'God Mode' on Old x86 CPUs

"Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9)."

https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html


Samsung Galaxy S7 smartphones vulnerable to hacking: researchers 

"Samsung’s Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that has put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters."

https://www.reuters.com/article/us-cyber-conference-samsung-elec/samsung-galaxy-s7-smartphones-vulnerable-to-hacking-researchers-idUSKBN1KT0NL

 

Elaborate hack turned Amazon Echo speakers into spies

"They've disclosed an attack on the Echo that uses both a modified speaker and a string of Alexa web interface vulnerabilities to remotely eavesdrop on regular models. It sounds nefarious, but it requires more steps than would be viable for most intruders."

https://www.engadget.com/2018/08/12/amazon-echo-speaker-complicated-surveillance-hack/

 

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week in Hardware Security 7/27/18

Comment

This Week in Hardware Security 7/27/18

Bringing you the latest in Hardware Security every week!

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

"Computer security researchers have devised a way to exploit the speculative-execution design flaws in modern processor chips over a network connection – a possibility that sounds rather more serious but may be something less than that."

https://www.theregister.co.uk/2018/07/26/netspectre_network_leak/


Update Your iPhones And Androids Now If You Don't Want Your Bluetooth Hacked 

"There’s a potentially serious vulnerability affecting Bluetooth that could lead to leaks of private data from Apple, Google and Intel-based smartphones and PCs. Patches are being made available, so concerned users should update where they can. Millions, if not hundreds of millions or billions, of devices are likely affected."

https://www.forbes.com/sites/thomasbrewster/2018/07/24/bluetooth-hack-warning-for-iphone-android-and-windows/#2a56f6537d73


Microprocessor designers realize security must be a primary concern

"Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. The best known recent examples were the chip flaws nicknamed Spectre and Meltdown that affected billions of computers, smartphones and other electronic devices."

http://theconversation.com/microprocessor-designers-realize-security-must-be-a-primary-concern-98044

 

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week in Hardware Security 7/10/2018

Comment

This Week in Hardware Security 7/10/2018

Bringing you the latest in Hardware Security every week!

Another Spectre CPU vulnerability among Intel's dirty dozen of security bug alerts today

"Intel will today emit a dozen security alerts for its products and code – including details of another vulnerability within the family of Spectre CPU flaws."

https://www.theregister.co.uk/2018/07/10/intel_security_spectre_advisories/

New RAMpage exploit revives Rowhammer attack to root Android devices 

"Now, 21 months later, many of the same researchers behind the attack, dubbed Drammer, are back to say that a large number of Android phones and tablets remain vulnerable to the rooting attacks because the patches Google deployed weren’t adequate."

https://arstechnica.com/information-technology/2018/07/new-rampage-exploit-revives-rowhammer-attack-to-root-android-devices/

Security Holes in Machine Learning And AI 

"Machine learning and AI developers are starting to examine the integrity of training data, which in some cases will be used to train millions or even billions of devices."

http://semiengineering.com/security-holes-in-machine-learning-and-ai/

 

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 7/02/2018

Comment

This Week In Hardware Security 7/02/2018

Bringing you the latest in Hardware Security every week!

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

"Intel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications."

https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/

Vulnerabilities in these IoT cameras could give attackers full control, warn researchers 

"Vulnerabilities in almost 400 models of internet connected video camera by one manufacturer could allow attackers to take remote control of devices for use as a surveillance tool with the ability to snoop on any audio or video it recorded"

https://www.zdnet.com/article/vulnerabilities-in-these-iot-cameras-could-give-attackers-full-control-warn-researchers/

 

 

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 6/14/2018

Comment

This Week In Hardware Security 6/14/2018

Bringing you the latest in Hardware Security every week!

Lazy FPU X86 Flaw Hits Intel Processors With Yet Another Major Security Vulnerability

"A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor's speculative execution technology"

https://hothardware.com/news/lazy-fpu-x86-flaw-hits-intel-processors

Apple to Close iPhone Security Hole that Law Enforcement Uses to Crack Devices 

"An update Apple is planning for its iPhone software would close a technological loophole that law enforcement agencies have exploited to gain access to information on those devices."

https://www.nytimes.com/2018/06/13/technology/apple-iphone-police.html

VPNFilter malware caught infecting Asus, D-Link, Huawei, ZTE & others

"VPNFilter malware was discovered by Cisco Talos but it got more attention when the FBI, a couple of weeks ago, seized a domain hosting botnet of 500,000 hacked IoT devices including network-access storage (NAS) devices and home and office (SOHO) routers in at least 54 countries."

https://www.hackread.com/vpnfilter-malware-infects-asus-d-link-huawei-zte/

 

 

 

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 5/30/2018

Comment

This Week In Hardware Security 5/30/2018

Bringing you the latest in Hardware Security every week!

Encryption of AMD EPYC VMs can be broken, researchers prove

"AMD EPYC server chipsets are supposed to provide a high level of security, but a German team has managed to gain control through a hypervisor exploit."

https://www.techrepublic.com/article/encryption-of-amd-epyc-vms-can-be-broken-researchers-prove/

Spectre chip security vulnerability strikes again; patches incoming

"A Google developer discovered a new way that a 'Spectre'-style check can be used to attack any computer running any operating system."

https://www.zdnet.com/article/spectre-chip-security-vulnerability-strikes-again-patches-incoming/

Researchers hack BMW cars, discover 14 vulnerabilities

"Keen Security Lab researchers have discovered fourteen vulnerabilities affecting a variety of BMW car models."

https://www.helpnetsecurity.com/2018/05/23/hack-bmw-cars/

5-year-old IoT attack resurfaces, puts millions of devices at risk

"IoT chip manufacturer Z-Wave reportedly fixed issues with its pairing process that allowed attackers to hijack internet-connected devices, but one security firm completely circumvented it."

https://www.techrepublic.com/article/5-year-old-iot-attack-resurfaces-puts-millions-of-devices-at-risk/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 5/22/2018

1 Comment

This Week In Hardware Security 5/22/2018

Bringing you the latest in Hardware Security every week!

Google, Microsoft find another Spectre, Meltdown flaw

"Intel and Microsoft on Monday disclosed a newly found variant of the Spectre and Meltdown security flaws, revealing another vulnerability in chips used in hundreds of millions of computers and mobile devices. Intel is calling the new strain "Variant 4.""

https://www.cnet.com/news/intel-microsoft-reveal-new-variant-on-spectre-meltdown-chip-security-flaws/

Designing Hardware For Security

"Most attacks in the past focused on gaining access to software, but Meltdown and Spectre have changed that forever."

https://semiengineering.com/designing-hardware-for-security/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week in Hardware Security 5/8/2018

Comment

This Week in Hardware Security 5/8/2018

Bringing you the latest in Hardware Security every week!

'Next generation' flaws found on computer processors: magazine

"Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday."

https://www.reuters.com/article/us-cyber-intel/next-generation-flaws-found-on-computer-processors-magazine-idUSKBN1I42BZ

'Design for Security' program launched by Purdue, Intel

"A new program that educates students on how to incorporate digital security in all phases of the design and manufacturing process is being launched by Intel Corp. and Purdue University."

https://www.purdue.edu/newsroom/releases/2018/Q2/design-for-security-program-launched-by-purdue,-intel.html

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 5/1/18

Comment

This Week In Hardware Security 5/1/18

Bringing you the latest in Hardware Security every week!

Apple Is Struggling To Stop A 'Skeleton Key' Hack On Home Wi-Fi

"...an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own chips into "skeleton keys."

https://www.forbes.com/sites/thomasbrewster/2018/04/26/skeleton-key-exploits-apple-mfi-trust/#4dfdeea1503c

Hackers have found a way to jailbreak the Nintendo Switch

"Hackers have found a way into the Nintendo Switch, possibly giving those with a high level of technical knowledge a way to run pirated games on the portable console."

https://www.washingtonpost.com/news/the-switch/wp/2018/04/24/hackers-have-found-a-way-to-jailbreak-the-nintendo-switch/?noredirect=on&utm_term=.016f58c3d86a

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 4/23/18

Comment

This Week In Hardware Security 4/23/18

Bringing you the latest in Hardware Security every week!

Tortuga Logic to Develop Novel Hardware Security Solutions with Support from DARPA Program

"Tortuga Logic, a hardware security company with technology that identifies security vulnerabilities in semiconductor designs, today announced that it has received a contract from the Defense Advanced Research Projects Agency (DARPA) to develop additional hardware security solutions."

https://www.businesswire.com/news/home/20180404005040/en/Tortuga-Logic-Develop-Hardware-Security-Solutions-Support

Intel debuts security solutions at the silicon level

"Intel has revealed a range of new security solutions designed to protect the latest wave of new technologies."

https://www.zdnet.com/article/intel-debuts-security-solutions-at-the-silicon-level/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 4/2/18

1 Comment

This Week In Hardware Security 4/2/18

Bringing you the latest in Hardware Security every week!

First Spectre, now BranchScope — another vulnerability in Intel processors

"Researchers from four universities discovered a new vulnerability in Intel’s processors dubbed as BranchScope. The problem resides in the method a processor uses to predict where its current computational task will end, aka speculative execution. By exploiting this flaw, hackers with access to the PC could pull data stored from memory that’s otherwise inaccessible to all applications and users. "

https://www.digitaltrends.com/computing/branchscope-vulnerability-intel-processors-spectre/

Windows 7 Meltdown patch opens worse vulnerability: Install March updates now

"Microsoft's early patches for Intel's Meltdown CPU vulnerability created an even bigger problem in Windows 7 that allowed any unprivileged application to read kernel memory."

http://www.zdnet.com/article/windows-7-meltdown-patch-opens-worse-vulnerability-install-march-updates-now/

‘Tamper-Proof’ Crypto Wallet Hacked by 15 Year Old

"Ledger boasts that it’s crypto wallet hardware is tamper-proof, however this claim appears to have fallen flat on its face after a 15-year old French hacker claimed to have successfully broken into it."

https://digit.fyi/ledger-crypto-wallet-hacked/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 3/26/18

Comment

This Week In Hardware Security 3/26/18

Bringing you the latest in Hardware Security every week!

Microsoft offers $250,000 bounty to prevent the next Meltdown and Spectre CPU flaws

"Microsoft is introducing a new bug bounty reward for the “speculative execution” CPU vulnerabilities that were disclosed recently. The software giant is offering up to $250,000 for bugs that are similar to the Meltdown and Spectre CPU flaws. Microsoft’s bounty will run until the end of the year, and it’s clearly designed to discover additional flaws as researchers begin to look at these types of vulnerabilities in processor designs."

https://www.theverge.com/2018/3/15/17124362/microsoft-spectre-bug-bounty-speculative-execution

AMD has fixes coming for its 13 chip vulnerabilities

"The chipmaker says the patches will arrive within a few weeks and AMD device owners shouldn’t worry about the reported flaws."

https://www.cnet.com/news/amd-has-fixes-coming-for-its-13-chip-vulnerabilities/

Hardware Backdoor Remote Hack for Automotive Connected Car CAN Bus

"Researchers Sheila Ayelen Berta and Claudio Caracciolo have created a tiny back hardware backdoor for the CAN bus, called “The Bicho”. They will be presenting it on unlucky April 13 at HITBSecConf in Amsterdam that connects to the vehicle’s OBD-II port. The pair have been called “Hack in the Box Duo.""

http://www.autoconnectedcar.com/2018/03/hardware-backdoor-remote-hack-for-automotive-connected-car-can-bus/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 3/15/18

1 Comment

This Week In Hardware Security 3/15/18

Bringing you the latest in Hardware Security every week!

AMD allegedly has its own Spectre-like security flaws

"CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers."

https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

Former Apple security engineer’s new firm claims it will unlock any iPhone – for $15,000

"Just about a week ago, word emerged that the Israeli-based security firm Cellebrite had developed a tool which enables it to access any locked iPhone model running any iteration of iOS, including an iPhone X running iOS 11. In the wake of that revelation, Forbes relays that another security firm — a U.S. based company called Grayshift — has come up with an iOS 11 workaround of its own, albeit with some limitations."

http://bgr.com/2018/03/05/iphone-security-ios-11-solution-brute-force-passcode-guessing/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 3/1/18

1 Comment

This Week In Hardware Security 3/1/18

A Development Lifecycle Approach to Security Verification

"We have become accustomed to the idea that safety expectations cant be narrowed down to one thing you do in design. They pervade all aspects of design from overall process through analysis, redundancies in design, fault analytics and mitigation for faults and on-board monitors for reliability among other requirements and techniques. 21180 Why shouldnt similar concepts apply to security also?"

https://www.semiwiki.com/forum/content/7299-development-lifecycle-approach-security-verification.html

Intel rolls out Spectre updates for 7th and 8th-gen Core chips

"Intel is attempting to patch Spectre again today with the rollout of patches for Kaby Lake-, Coffee Lake-, and Skylake-based platforms. The updates will cover the company’s sixth, seventh, and eighth-generation Intel Core product lines, as well as the X-series processor family. The Xeon Scalable and Intel Xeon D processors for data center systems will also be protected."

https://www.theverge.com/2018/2/21/17036626/intel-spectre-patch-chip-update-7th-8th-gen

Recent Intel CPUs Take Performance Hit With Spectre, Meltdown Patches

"The average performance decline is in-line with the single-digit prediction, though there are exceptions, with some browser tests showing a ~10 percent drop. The largest drop is in PCMark 10’s app load times, which declined by 13.5 percent after a Spectre patch was applied. We’ve talked before about Meltdown possibly hitting I/O tests hard, but this is the first indication Spectre might whack them again."

https://www.extremetech.com/computing/264796-recent-intel-cpus-take-performance-hit-spectre-meltdown-patches

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 2/22/18

1 Comment

This Week In Hardware Security 2/22/18

Bringing you the latest in Hardware Security every week!

Researchers discover new ways to abuse Meltdown and Spectre flaws

"A team of security researchers from NVIDIA and Princeton University have discovered new ways to exploit Meltdown and Spectre outside of those idenfitied in the past. The researchers developed a tool to explore how else cyber criminals could take advantage of the CPU flaws and found new techniques that could be used to extract sensitive info like passwords from devices."

https://www.engadget.com/2018/02/15/meltdownprime-spectreprime-research/

First Intel, now AMD also faces multiple class-action suits over Spectre attacks

"Intel rival AMD is also facing a number of class-action lawsuits over how it's responded to the Meltdown and Spectre CPU flaws.."

http://www.zdnet.com/article/first-intel-now-amd-also-faces-multiple-class-action-suits-over-spectre-attacks/

Surprise! Yet Another Baby Monitor Can Be Hacked by a Child

"According to Austrian cybersecurity firm SEC Consult, in addition to its 720P HD quality camera and free local video recording, the Mi-Cam comes equipped with “multiple critical vulnerabilities” allowing for the “hijacking of arbitrary video baby monitors.” We’re talking outdated firmware affected by numerous publicly known vulnerabilities; root access protected by 4-digit default credentials; and an easy-to-brute-force password-forget function."

https://gizmodo.com/surprise-yet-another-baby-monitor-can-be-hacked-by-a-c-1823197913

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 2/15/18

1 Comment

This Week In Hardware Security 2/15/18

Bringing you the latest in Hardware Security every week!

Secure Development Lifecycle for Hardware Becomes an Imperative

"Given recent events, its time for chip makers to take a page from the software vendor handbook and step up their game in heading off potentially costly threats. "

https://www.eetimes.com/author.asp?section_id=36&doc_id=1332962

Intel expands bug bounty to catch more Spectre-like security flaws

"The program is now open to all security researchers, not just by invitation, and includes sweeter rewards for discovering exploits. You now get up to $100,000 for disclosing general security flaws, and there's a new program dedicated to side channel vulnerabilities (read: issues like Spectre) that offers up to $250,000 through December 31st, 2018."

https://www.engadget.com/2018/02/14/intel-expands-bug-bounty-to-catch-spectre-like-security-flaws/

Linux hacked on to the Nintendo Switch thanks to CPU flaw

"Hackers have been hard at work on the Nintendo Switch during its first year in circulation, successfully exploiting its browser and paving the way for homebrew software. The latest development sees hackers run Linux on the hybrid console, thanks to a flaw in the processor."

https://www.kitguru.net/gaming/damien-cox/nintendo-switch-linux-hack/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 2/8/18

1 Comment

This Week In Hardware Security 2/8/18

Bringing you the latest in Hardware Security every week!

Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'

"Source code for iBoot, one of the most critical iOS programs, was anonymously posted on GitHub."

https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera

"When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone—realistically, most people—who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery.

But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled but frozen."

https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/

Intel releases updated Spectre and Meltdown patches for Skylake systems

"After previously releasing unstable patches, Intel has now launched a microcode update for Skylake systems."

https://betanews.com/2018/02/08/intel-spectre-meltdown-patch-skylake/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment