This Week in Hardware Security 09/17/18

Bringing you the latest in Hardware Security every week!

Researchers hack and steal a Model S; Tesla says vulnerability now fixed

"Two Belgian security experts discovered an encryption flaw that let them drive away in a Tesla Model S without busting any glass or cutting any wires."

https://www.digitaltrends.com/cars/researchers-use-encryption-flaw-to-hack-and-steal-a-tesla-model-s/


Security flaw can leak Intel ME encryption keys

"Chipmaker Intel has released firmware updates on Tuesday for a security flaw that can allow an attacker to recover, modify, or delete data stored on Intel's CPU chip-on-chip system."

https://www.zdnet.com/article/security-flaw-can-leak-intel-me-encryption-keys/

  

This Week in Hardware Security 08/14/18

Hacker Finds Hidden 'God Mode' on Old x86 CPUs

"Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9)."

https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html


Samsung Galaxy S7 smartphones vulnerable to hacking: researchers 

"Samsung’s Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that has put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters."

https://www.reuters.com/article/us-cyber-conference-samsung-elec/samsung-galaxy-s7-smartphones-vulnerable-to-hacking-researchers-idUSKBN1KT0NL

 

Elaborate hack turned Amazon Echo speakers into spies

"They've disclosed an attack on the Echo that uses both a modified speaker and a string of Alexa web interface vulnerabilities to remotely eavesdrop on regular models. It sounds nefarious, but it requires more steps than would be viable for most intruders."

https://www.engadget.com/2018/08/12/amazon-echo-speaker-complicated-surveillance-hack/

 

This Week in Hardware Security 7/27/18

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

"Computer security researchers have devised a way to exploit the speculative-execution design flaws in modern processor chips over a network connection – a possibility that sounds rather more serious but may be something less than that."

https://www.theregister.co.uk/2018/07/26/netspectre_network_leak/


Update Your iPhones And Androids Now If You Don't Want Your Bluetooth Hacked 

"There’s a potentially serious vulnerability affecting Bluetooth that could lead to leaks of private data from Apple, Google and Intel-based smartphones and PCs. Patches are being made available, so concerned users should update where they can. Millions, if not hundreds of millions or billions, of devices are likely affected."

https://www.forbes.com/sites/thomasbrewster/2018/07/24/bluetooth-hack-warning-for-iphone-android-and-windows/#2a56f6537d73


Microprocessor designers realize security must be a primary concern

"Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. The best known recent examples were the chip flaws nicknamed Spectre and Meltdown that affected billions of computers, smartphones and other electronic devices."

http://theconversation.com/microprocessor-designers-realize-security-must-be-a-primary-concern-98044

 

This Week in Hardware Security 7/10/2018

Another Spectre CPU vulnerability among Intel's dirty dozen of security bug alerts today

"Intel will today emit a dozen security alerts for its products and code – including details of another vulnerability within the family of Spectre CPU flaws."

https://www.theregister.co.uk/2018/07/10/intel_security_spectre_advisories/

New RAMpage exploit revives Rowhammer attack to root Android devices 

"Now, 21 months later, many of the same researchers behind the attack, dubbed Drammer, are back to say that a large number of Android phones and tablets remain vulnerable to the rooting attacks because the patches Google deployed weren’t adequate."

https://arstechnica.com/information-technology/2018/07/new-rampage-exploit-revives-rowhammer-attack-to-root-android-devices/

Security Holes in Machine Learning And AI 

"Machine learning and AI developers are starting to examine the integrity of training data, which in some cases will be used to train millions or even billions of devices."

http://semiengineering.com/security-holes-in-machine-learning-and-ai/

 

This Week In Hardware Security 7/02/2018

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

"Intel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications."

https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/

Vulnerabilities in these IoT cameras could give attackers full control, warn researchers 

"Vulnerabilities in almost 400 models of internet connected video camera by one manufacturer could allow attackers to take remote control of devices for use as a surveillance tool with the ability to snoop on any audio or video it recorded"

https://www.zdnet.com/article/vulnerabilities-in-these-iot-cameras-could-give-attackers-full-control-warn-researchers/

 

 

This Week In Hardware Security 6/14/2018

Lazy FPU X86 Flaw Hits Intel Processors With Yet Another Major Security Vulnerability

"A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor's speculative execution technology"

https://hothardware.com/news/lazy-fpu-x86-flaw-hits-intel-processors

Apple to Close iPhone Security Hole that Law Enforcement Uses to Crack Devices 

"An update Apple is planning for its iPhone software would close a technological loophole that law enforcement agencies have exploited to gain access to information on those devices."

https://www.nytimes.com/2018/06/13/technology/apple-iphone-police.html

VPNFilter malware caught infecting Asus, D-Link, Huawei, ZTE & others

"VPNFilter malware was discovered by Cisco Talos but it got more attention when the FBI, a couple of weeks ago, seized a domain hosting botnet of 500,000 hacked IoT devices including network-access storage (NAS) devices and home and office (SOHO) routers in at least 54 countries."

https://www.hackread.com/vpnfilter-malware-infects-asus-d-link-huawei-zte/

 

 

 

This Week In Hardware Security 5/30/2018

Encryption of AMD EPYC VMs can be broken, researchers prove

"AMD EPYC server chipsets are supposed to provide a high level of security, but a German team has managed to gain control through a hypervisor exploit."

https://www.techrepublic.com/article/encryption-of-amd-epyc-vms-can-be-broken-researchers-prove/

Spectre chip security vulnerability strikes again; patches incoming

"A Google developer discovered a new way that a 'Spectre'-style check can be used to attack any computer running any operating system."

https://www.zdnet.com/article/spectre-chip-security-vulnerability-strikes-again-patches-incoming/

Researchers hack BMW cars, discover 14 vulnerabilities

"Keen Security Lab researchers have discovered fourteen vulnerabilities affecting a variety of BMW car models."

https://www.helpnetsecurity.com/2018/05/23/hack-bmw-cars/

5-year-old IoT attack resurfaces, puts millions of devices at risk

"IoT chip manufacturer Z-Wave reportedly fixed issues with its pairing process that allowed attackers to hijack internet-connected devices, but one security firm completely circumvented it."

https://www.techrepublic.com/article/5-year-old-iot-attack-resurfaces-puts-millions-of-devices-at-risk/

This Week In Hardware Security 5/22/2018

Google, Microsoft find another Spectre, Meltdown flaw

"Intel and Microsoft on Monday disclosed a newly found variant of the Spectre and Meltdown security flaws, revealing another vulnerability in chips used in hundreds of millions of computers and mobile devices. Intel is calling the new strain "Variant 4.""

https://www.cnet.com/news/intel-microsoft-reveal-new-variant-on-spectre-meltdown-chip-security-flaws/

Designing Hardware For Security

"Most attacks in the past focused on gaining access to software, but Meltdown and Spectre have changed that forever."

https://semiengineering.com/designing-hardware-for-security/

This Week in Hardware Security 5/8/2018

'Next generation' flaws found on computer processors: magazine

"Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday."

https://www.reuters.com/article/us-cyber-intel/next-generation-flaws-found-on-computer-processors-magazine-idUSKBN1I42BZ

'Design for Security' program launched by Purdue, Intel

"A new program that educates students on how to incorporate digital security in all phases of the design and manufacturing process is being launched by Intel Corp. and Purdue University."

https://www.purdue.edu/newsroom/releases/2018/Q2/design-for-security-program-launched-by-purdue,-intel.html

This Week In Hardware Security 5/1/18

Apple Is Struggling To Stop A 'Skeleton Key' Hack On Home Wi-Fi

"...an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own chips into "skeleton keys.""

https://www.forbes.com/sites/thomasbrewster/2018/04/26/skeleton-key-exploits-apple-mfi-trust/#4dfdeea1503c

Hackers have found a way to jailbreak the Nintendo Switch

"Hackers have found a way into the Nintendo Switch, possibly giving those with a high level of technical knowledge a way to run pirated games on the portable console."

https://www.washingtonpost.com/news/the-switch/wp/2018/04/24/hackers-have-found-a-way-to-jailbreak-the-nintendo-switch/?noredirect=on&utm_term=.016f58c3d86a

This Week In Hardware Security 4/23/18

Tortuga Logic to Develop Novel Hardware Security Solutions with Support from DARPA Program

"Tortuga Logic, a hardware security company with technology that identifies security vulnerabilities in semiconductor designs, today announced that it has received a contract from the Defense Advanced Research Projects Agency (DARPA) to develop additional hardware security solutions."

https://www.businesswire.com/news/home/20180404005040/en/Tortuga-Logic-Develop-Hardware-Security-Solutions-Support

Intel debuts security solutions at the silicon level

"Intel has revealed a range of new security solutions designed to protect the latest wave of new technologies."

https://www.zdnet.com/article/intel-debuts-security-solutions-at-the-silicon-level/

This Week In Hardware Security 4/2/18

First Spectre, now BranchScope — another vulnerability in Intel processors

"Researchers from four universities discovered a new vulnerability in Intel’s processors dubbed as BranchScope. The problem resides in the method a processor uses to predict where its current computational task will end, aka speculative execution. By exploiting this flaw, hackers with access to the PC could pull data stored from memory that’s otherwise inaccessible to all applications and users."

https://www.digitaltrends.com/computing/branchscope-vulnerability-intel-processors-spectre/

Windows 7 Meltdown patch opens worse vulnerability: Install March updates now

"Microsoft's early patches for Intel's Meltdown CPU vulnerability created an even bigger problem in Windows 7 that allowed any unprivileged application to read kernel memory."

http://www.zdnet.com/article/windows-7-meltdown-patch-opens-worse-vulnerability-install-march-updates-now/

‘Tamper-Proof’ Crypto Wallet Hacked by 15 Year Old

"Ledger boasts that its crypto wallet hardware is tamper-proof, however this claim appears to have fallen flat on its face after a 15-year-old French hacker claimed to have successfully broken into it."

https://digit.fyi/ledger-crypto-wallet-hacked/

This Week In Hardware Security 3/26/18

Microsoft offers $250,000 bounty to prevent the next Meltdown and Spectre CPU flaws

"Microsoft is introducing a new bug bounty reward for the “speculative execution” CPU vulnerabilities that were disclosed recently. The software giant is offering up to $250,000 for bugs that are similar to the Meltdown and Spectre CPU flaws. Microsoft’s bounty will run until the end of the year, and it’s clearly designed to discover additional flaws as researchers begin to look at these types of vulnerabilities in processor designs."

https://www.theverge.com/2018/3/15/17124362/microsoft-spectre-bug-bounty-speculative-execution

AMD has fixes coming for its 13 chip vulnerabilities

"The chipmaker says the patches will arrive within a few weeks and AMD device owners shouldn’t worry about the reported flaws."

https://www.cnet.com/news/amd-has-fixes-coming-for-its-13-chip-vulnerabilities/

Hardware Backdoor Remote Hack for Automotive Connected Car CAN Bus

"Researchers Sheila Ayelen Berta and Claudio Caracciolo have created a tiny back hardware backdoor for the CAN bus, called “The Bicho”. They will be presenting it on unlucky April 13 at HITBSecConf in Amsterdam that connects to the vehicle’s OBD-II port. The pair have been called “Hack in the Box Duo.""

http://www.autoconnectedcar.com/2018/03/hardware-backdoor-remote-hack-for-automotive-connected-car-can-bus/

This Week In Hardware Security 3/15/18

AMD allegedly has its own Spectre-like security flaws

"CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers."

https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

Former Apple security engineer’s new firm claims it will unlock any iPhone – for $15,000

"Just about a week ago, word emerged that the Israeli-based security firm Cellebrite had developed a tool which enables it to access any locked iPhone model running any iteration of iOS, including an iPhone X running iOS 11. In the wake of that revelation, Forbes relays that another security firm — a U.S. based company called Grayshift — has come up with an iOS 11 workaround of its own, albeit with some limitations."

http://bgr.com/2018/03/05/iphone-security-ios-11-solution-brute-force-passcode-guessing/

This Week In Hardware Security 3/1/18

A Development Lifecycle Approach to Security Verification

"We have become accustomed to the idea that safety expectations can't be narrowed down to one thing you do in design. They pervade all aspects of design from overall process through analysis, redundancies in design, fault analytics and mitigation for faults and on-board monitors for reliability among other requirements and techniques. Why shouldn't similar concepts apply to security also?"

https://www.semiwiki.com/forum/content/7299-development-lifecycle-approach-security-verification.html

Intel rolls out Spectre updates for 7th and 8th-gen Core chips

"Intel is attempting to patch Spectre again today with the rollout of patches for Kaby Lake-, Coffee Lake-, and Skylake-based platforms. The updates will cover the company’s sixth, seventh, and eighth-generation Intel Core product lines, as well as the X-series processor family. The Xeon Scalable and Intel Xeon D processors for data center systems will also be protected."

https://www.theverge.com/2018/2/21/17036626/intel-spectre-patch-chip-update-7th-8th-gen

Recent Intel CPUs Take Performance Hit With Spectre, Meltdown Patches

"The average performance decline is in-line with the single-digit prediction, though there are exceptions, with some browser tests showing a ~10 percent drop. The largest drop is in PCMark 10’s app load times, which declined by 13.5 percent after a Spectre patch was applied. We’ve talked before about Meltdown possibly hitting I/O tests hard, but this is the first indication Spectre might whack them again."

https://www.extremetech.com/computing/264796-recent-intel-cpus-take-performance-hit-spectre-meltdown-patches

This Week In Hardware Security 2/22/18

Researchers discover new ways to abuse Meltdown and Spectre flaws

"A team of security researchers from NVIDIA and Princeton University have discovered new ways to exploit Meltdown and Spectre outside of those identified in the past. The researchers developed a tool to explore how else cyber criminals could take advantage of the CPU flaws and found new techniques that could be used to extract sensitive info like passwords from devices."

https://www.engadget.com/2018/02/15/meltdownprime-spectreprime-research/

First Intel, now AMD also faces multiple class-action suits over Spectre attacks

"Intel rival AMD is also facing a number of class-action lawsuits over how it's responded to the Meltdown and Spectre CPU flaws."

http://www.zdnet.com/article/first-intel-now-amd-also-faces-multiple-class-action-suits-over-spectre-attacks/

Surprise! Yet Another Baby Monitor Can Be Hacked by a Child

"According to Austrian cybersecurity firm SEC Consult, in addition to its 720P HD quality camera and free local video recording, the Mi-Cam comes equipped with “multiple critical vulnerabilities” allowing for the “hijacking of arbitrary video baby monitors.” We’re talking outdated firmware affected by numerous publicly known vulnerabilities; root access protected by 4-digit default credentials; and an easy-to-brute-force password-forget function."

https://gizmodo.com/surprise-yet-another-baby-monitor-can-be-hacked-by-a-c-1823197913

This Week In Hardware Security 2/15/18

Secure Development Lifecycle for Hardware Becomes an Imperative

"Given recent events, it's time for chip makers to take a page from the software vendor handbook and step up their game in heading off potentially costly threats."

https://www.eetimes.com/author.asp?section_id=36&doc_id=1332962

Intel expands bug bounty to catch more Spectre-like security flaws

"The program is now open to all security researchers, not just by invitation, and includes sweeter rewards for discovering exploits. You now get up to $100,000 for disclosing general security flaws, and there's a new program dedicated to side channel vulnerabilities (read: issues like Spectre) that offers up to $250,000 through December 31st, 2018."

https://www.engadget.com/2018/02/14/intel-expands-bug-bounty-to-catch-spectre-like-security-flaws/

Linux hacked on to the Nintendo Switch thanks to CPU flaw

"Hackers have been hard at work on the Nintendo Switch during its first year in circulation, successfully exploiting its browser and paving the way for homebrew software. The latest development sees hackers run Linux on the hybrid console, thanks to a flaw in the processor."

https://www.kitguru.net/gaming/damien-cox/nintendo-switch-linux-hack/

This Week In Hardware Security 2/8/18

Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'

"Source code for iBoot, one of the most critical iOS programs, was anonymously posted on GitHub."

https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera

"When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone—realistically, most people—who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery.

But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled but frozen."

https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/

Intel releases updated Spectre and Meltdown patches for Skylake systems

"After previously releasing unstable patches, Intel has now launched a microcode update for Skylake systems."

https://betanews.com/2018/02/08/intel-spectre-meltdown-patch-skylake/

This Week In Hardware Security 2/1/18

Meltdown-Spectre: Malware is already being tested by attackers

"German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs."

http://www.zdnet.com/article/meltdown-spectre-malware-is-already-being-tested-by-attackers/

Jackpotting cyberattack hits US, forces ATMs to spit out money for hackers

"ATM manufacturers Diebold Nixdorf Inc and NCR Corp have confirmed that they notified clients of the spread of jackpotting, a hack that empties ATMs of cash, into the United States."

https://www.techrepublic.com/article/jackpotting-cyberattack-hits-us-forces-atms-to-spit-out-money-for-hackers/

All computers are flawed -- and the fix will take years

"All the world's computers are flawed, and companies are fumbling with fixes. It will take years until the issue is fully sorted out."

http://money.cnn.com/2018/01/26/technology/intel-chip-flaws-response-future-bugs/index.html

This Week In Hardware Security 1/26/18

Red Hat dumps Spectre CPU patches that brick servers

"Enterprise Linux vendor Red Hat will no longer distribute microcode patches to mitigate against the Spectre processor flaw after bugs in the patches stopped user systems from booting up."

https://www.itnews.com.au/news/red-hat-dumps-spectre-cpu-patches-that-brick-servers-481526

Intel Claims 90 Percent of Affected CPUs Have Live Patches Just as Rumors of New Attacks Arrive

"Today the security world is wondering whether a new pair of attacks that are allegedly based on work related to Meltdown and Spectre is on the horizon—or just a hoax taking advantage of CPU-exploit fears."

https://gizmodo.com/intel-claims-90-percent-of-affected-cpus-have-live-patc-1822192075

ARM’s CEO Simon Segars on Spectre/Meltdown, IoT security and more

"As for Spectre and Meltdown, Segars noted that the attacks have raised the awareness of how many microprocessors there are in the world today, though he also stressed that this attack exploits the features of high-performance chips — and only 5 percent of the chips that ARM’s licensees have sold in the past are susceptible to the attack."

https://techcrunch.com/2018/01/18/arms-ceo-simon-segars-on-spectre-meltdown-iot-security-and-more/

Wall Street to grill Intel on chip security flaws

"Wall Street analysts will grill Intel Corp executives on how massive security flaws in its computer chips are impacting business when the company reports quarterly results on Thursday."

https://www.reuters.com/article/us-intel-results-outlook/wall-street-to-grill-intel-on-chip-security-flaws-idUSKBN1FE1C5
