This Week In Hardware Security 2/15/18

Comment

This Week In Hardware Security 2/15/18

Bringing you the latest in Hardware Security every week!

Secure Development Lifecycle for Hardware Becomes an Imperative

"Given recent events, its time for chip makers to take a page from the software vendor handbook and step up their game in heading off potentially costly threats. "

https://www.eetimes.com/author.asp?section_id=36&doc_id=1332962

Intel expands bug bounty to catch more Spectre-like security flaws

"The program is now open to all security researchers, not just by invitation, and includes sweeter rewards for discovering exploits. You now get up to $100,000 for disclosing general security flaws, and there's a new program dedicated to side channel vulnerabilities (read: issues like Spectre) that offers up to $250,000 through December 31st, 2018."

https://www.engadget.com/2018/02/14/intel-expands-bug-bounty-to-catch-spectre-like-security-flaws/

Linux hacked on to the Nintendo Switch thanks to CPU flaw

"Hackers have been hard at work on the Nintendo Switch during its first year in circulation, successfully exploiting its browser and paving the way for homebrew software. The latest development sees hackers run Linux on the hybrid console, thanks to a flaw in the processor."

https://www.kitguru.net/gaming/damien-cox/nintendo-switch-linux-hack/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 2/8/18

Comment

This Week In Hardware Security 2/8/18

Bringing you the latest in Hardware Security every week!

Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'

"Source code for iBoot, one of the most critical iOS programs, was anonymously posted on GitHub."

https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera

"When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone—realistically, most people—who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery.

But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled but frozen."

https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/

Intel releases updated Spectre and Meltdown patches for Skylake systems

"After previously releasing unstable patches, Intel has now launched a microcode update for Skylake systems."

https://betanews.com/2018/02/08/intel-spectre-meltdown-patch-skylake/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 2/1/18

Comment

This Week In Hardware Security 2/1/18

Bringing you the latest in Hardware Security every week!

Meltdown-Spectre: Malware is already being tested by attackers

"German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs."

http://www.zdnet.com/article/meltdown-spectre-malware-is-already-being-tested-by-attackers/

Jackpotting cyberattack hits US, forces ATMs to spit out money for hackers

"ATM manufacturers Diebold Nixdorf Inc and NCR Corp have confirmed that they notified clients of the spread of jackpotting, a hack that empties ATMs of cash, into the United States."

https://www.techrepublic.com/article/jackpotting-cyberattack-hits-us-forces-atms-to-spit-out-money-for-hackers/

All computers are flawed -- and the fix will take years

"All the world's computers are flawed, and companies are fumbling with fixes. It will take years until the issue is fully sorted out."

http://money.cnn.com/2018/01/26/technology/intel-chip-flaws-response-future-bugs/index.html

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 1/26/18

Comment

This Week In Hardware Security 1/26/18

Bringing you the latest in Hardware Security every week!

Red Hat dumps Spectre CPU patches that brick servers

"Enterprise Linux vendor Red Hat will no longer distribute microcode patches to mitigate against the Spectre processor flaw after bugs in the patches stopped user systems from booting up."

https://www.itnews.com.au/news/red-hat-dumps-spectre-cpu-patches-that-brick-servers-481526

Intel Claims 90 Percent of Affected CPUs Have Live Patches Just as Rumors of New Attacks Arrive

"Today the security world is wondering whether a new pair of attacks that are allegedly based on work related to Meltdown and Spectre is on the horizon—or just a hoax taking advantage of CPU-exploit fears."

https://gizmodo.com/intel-claims-90-percent-of-affected-cpus-have-live-patc-1822192075

ARM’s CEO Simon Segars on Spectre/Meltdown, IoT security and more

"As for Spectre and Meltdown, Segars noted that the attacks have raised the awareness of how many microprocessors there are in the world today, though he also stressed that this attack exploits the features of high-performance chips — and only 5 percent of the chips that ARM’s licensees have sold in the past are susceptible to the attack."

https://techcrunch.com/2018/01/18/arms-ceo-simon-segars-on-spectre-meltdown-iot-security-and-more/

Wall Street to grill Intel on chip security flaws

"Wall Street analysts will grill Intel Corp executives on how massive security flaws in its computer chips are impacting business when the company reports quarterly results on Thursday."

https://www.reuters.com/article/us-intel-results-outlook/wall-street-to-grill-intel-on-chip-security-flaws-idUSKBN1FE1C5

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 1/18/18

Comment

This Week In Hardware Security 1/18/18

Bringing you the latest in Hardware Security every week!

A Congressman has new questions for chipmakers about Meltdown and Spectre response

"The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating."

https://www.theverge.com/2018/1/16/16898094/meltdown-spectre-vulnerability-letter-congress-intel-amd-arm

Patch for Spectre, Meltdown causing problems in older chips

"Virtually all computer and mobile chips were affected by the Spectre flaw, and software makers, device manufacturers, and chipmakers themselves are working to secure consumers. But fixes are not happening smoothly."

http://money.cnn.com/2018/01/12/technology/intel-chip-bugs-vulnerability/index.html

Cyber Attacks Continue to Succeed

"Spectre and Meltdown demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry."

https://www.eetimes.com/author.asp?section_id=36&doc_id=1332843

Critical Intel AMT Flaw Lets Attackers Hack Laptops in Mere Seconds

"In its official statement released on Friday, 12th January regarding the newly identified hardware flaw, F-Secure stated that it allows hackers to remotely access corporate laptops."

https://www.hackread.com/critical-intel-amt-flaw-lets-attackers-hack-laptops-mere-seconds/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 1/11/18

Comment

This Week In Hardware Security 1/11/18

Bringing you the latest in Hardware Security every week!

A Critical Intel Flaw Breaks Basic Security for Most Computers (Meltdown and Spectre)

"Earlier this week, security researchers took note of a series of changes Linux and Windows developers began rolling out in beta updates to address a critical security flaw: A bug in Intel chips allows low-privilege processes to access memory in the computer's kernel, the machine's most privileged inner sanctum."

https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

Nvidia releases patches for chip exploit also affecting Intel and AMD

"Santa Clara-based chipmaker Nvidia Corp. this week said it's releasing patches for a wide-reaching security flaw that also impacts rivals Intel Corp, Advanced Micro Devices and ARM Holdings."

https://www.bizjournals.com/sanjose/news/2018/01/10/nvidia-gpu-chips-meltdown-spectre-intc-amd.html

Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs

"Microsoft has paused distributing its Meltdown and Spectre security updates for some older AMD machines after reports of PCs not booting. Microsoft’s support forums have been full of complaints from PC owners with AMD processors, and the software giant has acknowledged the issues today. Microsoft is blaming AMD’s documentation for the unexpected problems."

https://www.theverge.com/2018/1/9/16867068/microsoft-meltdown-spectre-security-updates-amd-pcs-issues

ARM Says About 5% of Its Chips Have Hack Vulnerability

"ARM Holdings Plc., whose technology is at the heart of most major mobile phone components, said about 5 percent of chips made using its designs and intellectual property are vulnerable to the potential hardware hack known as Spectre, revealed by technology companies last week."

https://www.bloomberg.com/news/articles/2018-01-09/arm-says-about-5-of-its-chips-have-hack-vulnerability

Intel to set up new group to focus on hardware security

"Chip maker is reportedly planning to form a new group to focus on hardware security as it scrambles to limit the impact of recently discovered security flaws in chip designs."

http://www.computerweekly.com/news/450432804/Intel-to-set-up-new-group-to-focus-on-hardware-security

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 12/20/17

Comment

This Week In Hardware Security 12/20/17

Bringing you the latest in Hardware Security every week!

A Tiny New Chip Could Secure the Next Generation of IoT

"Microsoft Research has poured its IoT efforts into Project Sopris, placing the IoT security focus to microcontrollers."

https://www.wired.com/story/project-sopris-iot-security/

Four U.S. Engineers Charged With Trying to Steal Chip Designs for a Chinese Startup

"Four former Applied Materials Inc. engineers have been charged with attempting to steal chip designs from the semiconductor equipment company to sell to a Chinese startup."

http://fortune.com/2017/12/07/us-engineers-semiconductor-chips-chinese-startup/

Tortuga Logic Appoints Andrew Dauman Vice President of Engineering to Oversee Product Development, R&D

"Tortuga Logic, a hardware security specialist with technology that identifies security vulnerabilities in semiconductor designs, today named Andrew Dauman vice president of engineering."

https://globenewswire.com/news-release/2017/12/14/1262178/0/en/Tortuga-Logic-Appoints-Andrew-Dauman-Vice-President-of-Engineering-to-Oversee-Product-Development-R-D.html

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 12/6/17

Comment

This Week In Hardware Security 12/6/17

Bringing you the latest in Hardware Security every week!

5 Pitfalls That May Kill The IoT (Security is #1!)

"Many things could trip up the predicted explosion of connected devices, but the hurdles aren’t insurmountable."

https://semiengineering.com/the-five-pitfalls-that-may-kill-the-iot/

Computer vendors start disabling Intel Management Engine

"Intel has admitted that its in-chip Intel Management Engine program has major security holes. Some PC vendors are now disabling Management Engine to protect their customers."

http://www.zdnet.com/article/computer-vendors-start-disabling-intel-management-engine/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 11/30/17

Comment

This Week In Hardware Security 11/30/17

Bringing you the latest in Hardware Security every week!

Intel Chip Flaws Leave Millions of Devices Exposed

"Security researchers have raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible."

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/

Newly Revealed Flaw Could Subject IoT Devices to Airborne Attacks

"Billions of voice-activated Internet of Things devices may be subject to external attack due to BlueBorne vulnerabilities, Armis revealed on Wednesday."

https://www.technewsworld.com/story/84963.html

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 11/17/17

Comment

This Week In Hardware Security 11/17/17

Bringing you the latest in Hardware Security every week!

Tortuga Logic raises $2 million to build chip-level security systems

"Tortuga Logic has raised $2 million in seed funding from Eclipse Ventures to help in their effort to maintain chip-level system security."

https://techcrunch.com/2017/11/16/tortuga-logic-raises-2-million-to-build-chip-level-security-systems/

Security vulnerability in IoT cameras could allow remote control by hackers

"Newly uncovered vulnerabilities in a popular brand of indoor internet-connected cameras could be exploited by attackers in order to gain complete control of the device."

http://www.zdnet.com/article/security-vulnerability-in-iot-cameras-could-allow-remote-control-by-hackers/

Security Firm Says Extremely Creepy Mask Cracks iPhone X's Face ID

"Less than a week after the iPhone X release, a Vietnamese security firm says it has done what others couldn't — trick the phone's facial recognition software. How? One very creepy mask."

https://www.npr.org/sections/thetwo-way/2017/11/13/563741014/security-firm-says-extremely-creepy-mask-cracks-iphone-xs-face-id

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 11/8/17

Comment

This Week In Hardware Security 11/8/17

Bringing you the latest in Hardware Security every week!

Eir replaced thousands of faulty modems over security worries

"20,000 modems were replaced by Eir after an investigation by the Data Protection Commissioner."

https://www.siliconrepublic.com/enterprise/eir-modems-replacements

Security Solutions Dominate Arm TechCon

"The hot topic at this year’s Arm TechCon conference was security, and Arm was not the only one hawking its wares."

http://www.electronicdesign.com/industrial-automation/security-solutions-dominate-arm-techcon

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 11/1/17

Comment

This Week In Hardware Security 11/1/17

Bringing you the latest in Hardware Security every week!

Latest IoT DDoS Attack Could Affect Millions of Users Worldwide

"Cybersecurity experts warned that the Reaper Botnet can compromise all internet-connected devices."

https://koddos.net/blog/latest-iot-ddos-attack-affect-millions-users-worldwide/

Security flaw in LG IoT software left home appliances vulnerable

"LG has updated its software security after researchers found flaw that left dishwashers, washing machines, air conditioners, and even a robot vacuum cleaner accessible by hackers."

http://www.zdnet.com/article/security-flaw-in-lg-iot-software-left-home-appliances-vulnerable/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 10/25/17

Comment

This Week In Hardware Security 10/25/17

Bringing you the latest in Hardware Security every week!

‘Unhackable’ electronic chip being developed in Abu Dhabi

"New York University Abu Dhabi researcher says the chip, which could be used in phones, is the first prototype to have security features built into the hardware and he is inviting hackers to try to break the code."

https://www.thenational.ae/uae/unhackable-electronic-chip-being-developed-in-abu-dhabi-1.669284

ARM unveils plan to secure the “internet of things” inside the chip

"U.K.-based chip designer ARM Ltd. today unveiled its vision for protecting more than a trillion connected devices, with security embedded deep into the silicon that powers them."

https://siliconangle.com/blog/2017/10/23/arm-unveils-platform-security-architecture-secure-internet-things/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 10/18/17

Comment

This Week In Hardware Security 10/18/17

Bringing you the latest in Hardware Security every week!

Researchers warn of Infineon security chip flaw

"Researchers have published the discovery of a key generation flaw in security chips produced by Infineon Technologies since at least 2012 and which allows attackers to turn a public RSA cryptographic key into its private half."

https://www.bit-tech.net/news/tech/software/researchers-warn-of-infineon-security-chip-flaw/1/

Wi-Fi encryption can be hacked and anyone can spy on your internet activity

"The encrypted WPA2 protocol was just breached, putting at risk everyone who uses wireless internet at home or abroad."

http://bgr.com/2017/10/16/wi-fi-krack-hack-wpa2-encryption/

Xilinx Kicks Off 2017 Security Working Group Series Addressing the Latest Topics on Hardware Security in Embedded Applications

"Xilinx, Inc. (XLNX) kicked off its annual Xilinx Security Working Group (XSWG) workshop series today in Longmont, Colorado with additional dates scheduled in Washington D.C., Paris and Munich. "

https://www.broadwayworld.com/bwwgeeks/article/Xilinx-Kicks-Off-2017-Security-Working-Group-Series-Addressing-the-Latest-Topics-on-Hardware-Security-in-Embedded-Applications-20171017

 

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 10/11/17

Comment

This Week In Hardware Security 10/11/17

Bringing you the latest in Hardware Security every week!

'Crypto Anchors' Might Stop the Next Equifax-Style Megabreach

"Firewalls, intrusion detection systems, and even encryption haven't kept hackers out of hoards of data like the ones stolen in the catastrophic breaches of Equifax or Yahoo. But now, some Silicon Valley firms are trying a deeper approach, building security into the basic design of how data moves between a company's servers."

https://www.wired.com/story/crypto-anchors-breach-security/

Hack-Vulnerable Voting Machines a 'National Security Threat,' Experts Warn

"A new report breaks down the lessons learned at the DEF CON 25 hacking conference, which amounted to a concentrated attack—orchestrated in the name of public safety—on the programming and machinery used in U.S. elections."

http://www.newsweek.com/hacking-defcon-voting-machines-technology-software-eac-russia-meddling-681759

 

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week in Hardware Security 10/4/17

Comment

This Week in Hardware Security 10/4/17

Bringing you the latest in Hardware Security every week!

Security-Oblivious Design Makes TrustZone Vulnerable to Attack

"Many automotive SoCs take advantage of ARM’s TrustZone. But researchers at Columbia Univ. succeeded in attacking a security-oblivious design by compromising the DVFS SoC support."

http://www.electronicdesign.com/automotive/security-oblivious-design-makes-trustzone-vulnerable-attack

FBI won’t have to reveal details on iPhone hacking tool used in San Bernardino case

"A federal court ruled yesterday that the FBI does not have to disclose either the name of the vendor used or price the government paid to hack into the iPhone 5C."

https://www.theverge.com/2017/10/1/16393074/apple-iphone-fbi-hacking-tool-san-bernardino-case-secret-court-order

 

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week in Hardware Security 9/27/17

Comment

This Week in Hardware Security 9/27/17

Bringing you the latest in Hardware Security every week!

CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features

"A team of three scientists from Columbia University has discovered that by attacking the combo of hardware and software management utilities embedded with modern chipsets, threat actors can take over systems via an attack surface found in almost all modern electronic devices."

https://www.bleepingcomputer.com/news/security/clkscrew-attack-can-hack-modern-chipsets-via-their-power-management-features/

'Smart' Hospital IV Pump Vulnerable To Remote Hack Attack

"...security researchers have discovered eight vulnerabilities in a syringe infusion pump used by hospitals to help administer medication to patients intravenously."

https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml

 

Want more Hardware Security news? Sign up for our mailing list!

 

Comment

This Week in Hardware Security 9/20/17

Comment

This Week in Hardware Security 9/20/17

Bringing you the latest in Hardware Security every week!

New Bluetooth vulnerability can hack a phone in 10 seconds

"Security company Armis has found a collection of eight exploits, collectively called BlueBorne, that can allow an attacker access to your phone without touching it. The attack can allow access to computers and phones, as well as IoT devices."

https://techcrunch.com/2017/09/12/new-bluetooth-vulnerability-can-hack-a-phone-in-ten-seconds/

Second Researcher Drops Router Exploit Code After D-Link Mishandles Bug Reports

"Embedi, a hardware security firm, has published details about two vulnerabilities that have yet to be patched in the firmware of D-Link routers. This marks the second incident of this sort in the last five days."

https://www.bleepingcomputer.com/news/security/second-researcher-drops-router-exploit-code-after-d-link-mishandles-bug-reports/

Risky Routers? New Malware Attacks Leverage Popular Hardware by Proxy

"Hardware is now a top-tier threat vector for cybercriminals. Internet of Things (IoT) devices are leading the charge, since many lack basic security protections but have almost unlimited access to network resources. "

https://securityintelligence.com/news/risky-routers-new-malware-attacks-leverage-popular-hardware-by-proxy/

Comment

NEW whitepaper - "Verifying Security at the Hardware/Software Boundary"

Comment

NEW whitepaper - "Verifying Security at the Hardware/Software Boundary"

We have a new whitepaper that describes:

• That Hardware Security review is a time-consuming and unreliable process

• How the inclusion of boot code can exacerbate the complexity of Hardware Security review

• The landscape of known Hardware Security threats

• How Unison, Tortuga Logic's new Hardware Security simulation platform, can drastically decrease the time it takes to perform security review at the hardware/software boundary

Click here to download!

Comment