This Week in Hardware Security 5/8/2018

Comment

This Week in Hardware Security 5/8/2018

Bringing you the latest in Hardware Security every week!

'Next generation' flaws found on computer processors: magazine

"Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday."

https://www.reuters.com/article/us-cyber-intel/next-generation-flaws-found-on-computer-processors-magazine-idUSKBN1I42BZ

'Design for Security' program launched by Purdue, Intel

"A new program that educates students on how to incorporate digital security in all phases of the design and manufacturing process is being launched by Intel Corp. and Purdue University."

https://www.purdue.edu/newsroom/releases/2018/Q2/design-for-security-program-launched-by-purdue,-intel.html

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 5/1/18

Comment

This Week In Hardware Security 5/1/18

Bringing you the latest in Hardware Security every week!

Apple Is Struggling To Stop A 'Skeleton Key' Hack On Home Wi-Fi

"...an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own chips into "skeleton keys."

https://www.forbes.com/sites/thomasbrewster/2018/04/26/skeleton-key-exploits-apple-mfi-trust/#4dfdeea1503c

Hackers have found a way to jailbreak the Nintendo Switch

"Hackers have found a way into the Nintendo Switch, possibly giving those with a high level of technical knowledge a way to run pirated games on the portable console."

https://www.washingtonpost.com/news/the-switch/wp/2018/04/24/hackers-have-found-a-way-to-jailbreak-the-nintendo-switch/?noredirect=on&utm_term=.016f58c3d86a

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 4/23/18

Comment

This Week In Hardware Security 4/23/18

Bringing you the latest in Hardware Security every week!

Tortuga Logic to Develop Novel Hardware Security Solutions with Support from DARPA Program

"Tortuga Logic, a hardware security company with technology that identifies security vulnerabilities in semiconductor designs, today announced that it has received a contract from the Defense Advanced Research Projects Agency (DARPA) to develop additional hardware security solutions."

https://www.businesswire.com/news/home/20180404005040/en/Tortuga-Logic-Develop-Hardware-Security-Solutions-Support

Intel debuts security solutions at the silicon level

"Intel has revealed a range of new security solutions designed to protect the latest wave of new technologies."

https://www.zdnet.com/article/intel-debuts-security-solutions-at-the-silicon-level/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 4/2/18

1 Comment

This Week In Hardware Security 4/2/18

Bringing you the latest in Hardware Security every week!

First Spectre, now BranchScope — another vulnerability in Intel processors

"Researchers from four universities discovered a new vulnerability in Intel’s processors dubbed as BranchScope. The problem resides in the method a processor uses to predict where its current computational task will end, aka speculative execution. By exploiting this flaw, hackers with access to the PC could pull data stored from memory that’s otherwise inaccessible to all applications and users. "

https://www.digitaltrends.com/computing/branchscope-vulnerability-intel-processors-spectre/

Windows 7 Meltdown patch opens worse vulnerability: Install March updates now

"Microsoft's early patches for Intel's Meltdown CPU vulnerability created an even bigger problem in Windows 7 that allowed any unprivileged application to read kernel memory."

http://www.zdnet.com/article/windows-7-meltdown-patch-opens-worse-vulnerability-install-march-updates-now/

‘Tamper-Proof’ Crypto Wallet Hacked by 15 Year Old

"Ledger boasts that it’s crypto wallet hardware is tamper-proof, however this claim appears to have fallen flat on its face after a 15-year old French hacker claimed to have successfully broken into it."

https://digit.fyi/ledger-crypto-wallet-hacked/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 3/26/18

Comment

This Week In Hardware Security 3/26/18

Bringing you the latest in Hardware Security every week!

Microsoft offers $250,000 bounty to prevent the next Meltdown and Spectre CPU flaws

"Microsoft is introducing a new bug bounty reward for the “speculative execution” CPU vulnerabilities that were disclosed recently. The software giant is offering up to $250,000 for bugs that are similar to the Meltdown and Spectre CPU flaws. Microsoft’s bounty will run until the end of the year, and it’s clearly designed to discover additional flaws as researchers begin to look at these types of vulnerabilities in processor designs."

https://www.theverge.com/2018/3/15/17124362/microsoft-spectre-bug-bounty-speculative-execution

AMD has fixes coming for its 13 chip vulnerabilities

"The chipmaker says the patches will arrive within a few weeks and AMD device owners shouldn’t worry about the reported flaws."

https://www.cnet.com/news/amd-has-fixes-coming-for-its-13-chip-vulnerabilities/

Hardware Backdoor Remote Hack for Automotive Connected Car CAN Bus

"Researchers Sheila Ayelen Berta and Claudio Caracciolo have created a tiny back hardware backdoor for the CAN bus, called “The Bicho”. They will be presenting it on unlucky April 13 at HITBSecConf in Amsterdam that connects to the vehicle’s OBD-II port. The pair have been called “Hack in the Box Duo.""

http://www.autoconnectedcar.com/2018/03/hardware-backdoor-remote-hack-for-automotive-connected-car-can-bus/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 3/15/18

1 Comment

This Week In Hardware Security 3/15/18

Bringing you the latest in Hardware Security every week!

AMD allegedly has its own Spectre-like security flaws

"CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers."

https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

Former Apple security engineer’s new firm claims it will unlock any iPhone – for $15,000

"Just about a week ago, word emerged that the Israeli-based security firm Cellebrite had developed a tool which enables it to access any locked iPhone model running any iteration of iOS, including an iPhone X running iOS 11. In the wake of that revelation, Forbes relays that another security firm — a U.S. based company called Grayshift — has come up with an iOS 11 workaround of its own, albeit with some limitations."

http://bgr.com/2018/03/05/iphone-security-ios-11-solution-brute-force-passcode-guessing/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 3/1/18

1 Comment

This Week In Hardware Security 3/1/18

A Development Lifecycle Approach to Security Verification

"We have become accustomed to the idea that safety expectations cant be narrowed down to one thing you do in design. They pervade all aspects of design from overall process through analysis, redundancies in design, fault analytics and mitigation for faults and on-board monitors for reliability among other requirements and techniques. 21180 Why shouldnt similar concepts apply to security also?"

https://www.semiwiki.com/forum/content/7299-development-lifecycle-approach-security-verification.html

Intel rolls out Spectre updates for 7th and 8th-gen Core chips

"Intel is attempting to patch Spectre again today with the rollout of patches for Kaby Lake-, Coffee Lake-, and Skylake-based platforms. The updates will cover the company’s sixth, seventh, and eighth-generation Intel Core product lines, as well as the X-series processor family. The Xeon Scalable and Intel Xeon D processors for data center systems will also be protected."

https://www.theverge.com/2018/2/21/17036626/intel-spectre-patch-chip-update-7th-8th-gen

Recent Intel CPUs Take Performance Hit With Spectre, Meltdown Patches

"The average performance decline is in-line with the single-digit prediction, though there are exceptions, with some browser tests showing a ~10 percent drop. The largest drop is in PCMark 10’s app load times, which declined by 13.5 percent after a Spectre patch was applied. We’ve talked before about Meltdown possibly hitting I/O tests hard, but this is the first indication Spectre might whack them again."

https://www.extremetech.com/computing/264796-recent-intel-cpus-take-performance-hit-spectre-meltdown-patches

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 2/22/18

1 Comment

This Week In Hardware Security 2/22/18

Bringing you the latest in Hardware Security every week!

Researchers discover new ways to abuse Meltdown and Spectre flaws

"A team of security researchers from NVIDIA and Princeton University have discovered new ways to exploit Meltdown and Spectre outside of those idenfitied in the past. The researchers developed a tool to explore how else cyber criminals could take advantage of the CPU flaws and found new techniques that could be used to extract sensitive info like passwords from devices."

https://www.engadget.com/2018/02/15/meltdownprime-spectreprime-research/

First Intel, now AMD also faces multiple class-action suits over Spectre attacks

"Intel rival AMD is also facing a number of class-action lawsuits over how it's responded to the Meltdown and Spectre CPU flaws.."

http://www.zdnet.com/article/first-intel-now-amd-also-faces-multiple-class-action-suits-over-spectre-attacks/

Surprise! Yet Another Baby Monitor Can Be Hacked by a Child

"According to Austrian cybersecurity firm SEC Consult, in addition to its 720P HD quality camera and free local video recording, the Mi-Cam comes equipped with “multiple critical vulnerabilities” allowing for the “hijacking of arbitrary video baby monitors.” We’re talking outdated firmware affected by numerous publicly known vulnerabilities; root access protected by 4-digit default credentials; and an easy-to-brute-force password-forget function."

https://gizmodo.com/surprise-yet-another-baby-monitor-can-be-hacked-by-a-c-1823197913

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 2/15/18

1 Comment

This Week In Hardware Security 2/15/18

Bringing you the latest in Hardware Security every week!

Secure Development Lifecycle for Hardware Becomes an Imperative

"Given recent events, its time for chip makers to take a page from the software vendor handbook and step up their game in heading off potentially costly threats. "

https://www.eetimes.com/author.asp?section_id=36&doc_id=1332962

Intel expands bug bounty to catch more Spectre-like security flaws

"The program is now open to all security researchers, not just by invitation, and includes sweeter rewards for discovering exploits. You now get up to $100,000 for disclosing general security flaws, and there's a new program dedicated to side channel vulnerabilities (read: issues like Spectre) that offers up to $250,000 through December 31st, 2018."

https://www.engadget.com/2018/02/14/intel-expands-bug-bounty-to-catch-spectre-like-security-flaws/

Linux hacked on to the Nintendo Switch thanks to CPU flaw

"Hackers have been hard at work on the Nintendo Switch during its first year in circulation, successfully exploiting its browser and paving the way for homebrew software. The latest development sees hackers run Linux on the hybrid console, thanks to a flaw in the processor."

https://www.kitguru.net/gaming/damien-cox/nintendo-switch-linux-hack/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 2/8/18

1 Comment

This Week In Hardware Security 2/8/18

Bringing you the latest in Hardware Security every week!

Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'

"Source code for iBoot, one of the most critical iOS programs, was anonymously posted on GitHub."

https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera

"When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone—realistically, most people—who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery.

But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled but frozen."

https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/

Intel releases updated Spectre and Meltdown patches for Skylake systems

"After previously releasing unstable patches, Intel has now launched a microcode update for Skylake systems."

https://betanews.com/2018/02/08/intel-spectre-meltdown-patch-skylake/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 2/1/18

1 Comment

This Week In Hardware Security 2/1/18

Bringing you the latest in Hardware Security every week!

Meltdown-Spectre: Malware is already being tested by attackers

"German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs."

http://www.zdnet.com/article/meltdown-spectre-malware-is-already-being-tested-by-attackers/

Jackpotting cyberattack hits US, forces ATMs to spit out money for hackers

"ATM manufacturers Diebold Nixdorf Inc and NCR Corp have confirmed that they notified clients of the spread of jackpotting, a hack that empties ATMs of cash, into the United States."

https://www.techrepublic.com/article/jackpotting-cyberattack-hits-us-forces-atms-to-spit-out-money-for-hackers/

All computers are flawed -- and the fix will take years

"All the world's computers are flawed, and companies are fumbling with fixes. It will take years until the issue is fully sorted out."

http://money.cnn.com/2018/01/26/technology/intel-chip-flaws-response-future-bugs/index.html

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 1/26/18

1 Comment

This Week In Hardware Security 1/26/18

Bringing you the latest in Hardware Security every week!

Red Hat dumps Spectre CPU patches that brick servers

"Enterprise Linux vendor Red Hat will no longer distribute microcode patches to mitigate against the Spectre processor flaw after bugs in the patches stopped user systems from booting up."

https://www.itnews.com.au/news/red-hat-dumps-spectre-cpu-patches-that-brick-servers-481526

Intel Claims 90 Percent of Affected CPUs Have Live Patches Just as Rumors of New Attacks Arrive

"Today the security world is wondering whether a new pair of attacks that are allegedly based on work related to Meltdown and Spectre is on the horizon—or just a hoax taking advantage of CPU-exploit fears."

https://gizmodo.com/intel-claims-90-percent-of-affected-cpus-have-live-patc-1822192075

ARM’s CEO Simon Segars on Spectre/Meltdown, IoT security and more

"As for Spectre and Meltdown, Segars noted that the attacks have raised the awareness of how many microprocessors there are in the world today, though he also stressed that this attack exploits the features of high-performance chips — and only 5 percent of the chips that ARM’s licensees have sold in the past are susceptible to the attack."

https://techcrunch.com/2018/01/18/arms-ceo-simon-segars-on-spectre-meltdown-iot-security-and-more/

Wall Street to grill Intel on chip security flaws

"Wall Street analysts will grill Intel Corp executives on how massive security flaws in its computer chips are impacting business when the company reports quarterly results on Thursday."

https://www.reuters.com/article/us-intel-results-outlook/wall-street-to-grill-intel-on-chip-security-flaws-idUSKBN1FE1C5

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 1/18/18

1 Comment

This Week In Hardware Security 1/18/18

Bringing you the latest in Hardware Security every week!

A Congressman has new questions for chipmakers about Meltdown and Spectre response

"The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating."

https://www.theverge.com/2018/1/16/16898094/meltdown-spectre-vulnerability-letter-congress-intel-amd-arm

Patch for Spectre, Meltdown causing problems in older chips

"Virtually all computer and mobile chips were affected by the Spectre flaw, and software makers, device manufacturers, and chipmakers themselves are working to secure consumers. But fixes are not happening smoothly."

http://money.cnn.com/2018/01/12/technology/intel-chip-bugs-vulnerability/index.html

Cyber Attacks Continue to Succeed

"Spectre and Meltdown demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry."

https://www.eetimes.com/author.asp?section_id=36&doc_id=1332843

Critical Intel AMT Flaw Lets Attackers Hack Laptops in Mere Seconds

"In its official statement released on Friday, 12th January regarding the newly identified hardware flaw, F-Secure stated that it allows hackers to remotely access corporate laptops."

https://www.hackread.com/critical-intel-amt-flaw-lets-attackers-hack-laptops-mere-seconds/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 1/11/18

1 Comment

This Week In Hardware Security 1/11/18

Bringing you the latest in Hardware Security every week!

A Critical Intel Flaw Breaks Basic Security for Most Computers (Meltdown and Spectre)

"Earlier this week, security researchers took note of a series of changes Linux and Windows developers began rolling out in beta updates to address a critical security flaw: A bug in Intel chips allows low-privilege processes to access memory in the computer's kernel, the machine's most privileged inner sanctum."

https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

Nvidia releases patches for chip exploit also affecting Intel and AMD

"Santa Clara-based chipmaker Nvidia Corp. this week said it's releasing patches for a wide-reaching security flaw that also impacts rivals Intel Corp, Advanced Micro Devices and ARM Holdings."

https://www.bizjournals.com/sanjose/news/2018/01/10/nvidia-gpu-chips-meltdown-spectre-intc-amd.html

Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs

"Microsoft has paused distributing its Meltdown and Spectre security updates for some older AMD machines after reports of PCs not booting. Microsoft’s support forums have been full of complaints from PC owners with AMD processors, and the software giant has acknowledged the issues today. Microsoft is blaming AMD’s documentation for the unexpected problems."

https://www.theverge.com/2018/1/9/16867068/microsoft-meltdown-spectre-security-updates-amd-pcs-issues

ARM Says About 5% of Its Chips Have Hack Vulnerability

"ARM Holdings Plc., whose technology is at the heart of most major mobile phone components, said about 5 percent of chips made using its designs and intellectual property are vulnerable to the potential hardware hack known as Spectre, revealed by technology companies last week."

https://www.bloomberg.com/news/articles/2018-01-09/arm-says-about-5-of-its-chips-have-hack-vulnerability

Intel to set up new group to focus on hardware security

"Chip maker is reportedly planning to form a new group to focus on hardware security as it scrambles to limit the impact of recently discovered security flaws in chip designs."

http://www.computerweekly.com/news/450432804/Intel-to-set-up-new-group-to-focus-on-hardware-security

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 12/20/17

Comment

This Week In Hardware Security 12/20/17

Bringing you the latest in Hardware Security every week!

A Tiny New Chip Could Secure the Next Generation of IoT

"Microsoft Research has poured its IoT efforts into Project Sopris, placing the IoT security focus to microcontrollers."

https://www.wired.com/story/project-sopris-iot-security/

Four U.S. Engineers Charged With Trying to Steal Chip Designs for a Chinese Startup

"Four former Applied Materials Inc. engineers have been charged with attempting to steal chip designs from the semiconductor equipment company to sell to a Chinese startup."

http://fortune.com/2017/12/07/us-engineers-semiconductor-chips-chinese-startup/

Tortuga Logic Appoints Andrew Dauman Vice President of Engineering to Oversee Product Development, R&D

"Tortuga Logic, a hardware security specialist with technology that identifies security vulnerabilities in semiconductor designs, today named Andrew Dauman vice president of engineering."

https://globenewswire.com/news-release/2017/12/14/1262178/0/en/Tortuga-Logic-Appoints-Andrew-Dauman-Vice-President-of-Engineering-to-Oversee-Product-Development-R-D.html

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment

This Week In Hardware Security 12/6/17

1 Comment

This Week In Hardware Security 12/6/17

Bringing you the latest in Hardware Security every week!

5 Pitfalls That May Kill The IoT (Security is #1!)

"Many things could trip up the predicted explosion of connected devices, but the hurdles aren’t insurmountable."

https://semiengineering.com/the-five-pitfalls-that-may-kill-the-iot/

Computer vendors start disabling Intel Management Engine

"Intel has admitted that its in-chip Intel Management Engine program has major security holes. Some PC vendors are now disabling Management Engine to protect their customers."

http://www.zdnet.com/article/computer-vendors-start-disabling-intel-management-engine/

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 11/30/17

2 Comments

This Week In Hardware Security 11/30/17

Bringing you the latest in Hardware Security every week!

Intel Chip Flaws Leave Millions of Devices Exposed

"Security researchers have raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible."

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/

Newly Revealed Flaw Could Subject IoT Devices to Airborne Attacks

"Billions of voice-activated Internet of Things devices may be subject to external attack due to BlueBorne vulnerabilities, Armis revealed on Wednesday."

https://www.technewsworld.com/story/84963.html

Want More Hardware Security News? Sign Up For Our Mailing List!

2 Comments

This Week In Hardware Security 11/17/17

1 Comment

This Week In Hardware Security 11/17/17

Bringing you the latest in Hardware Security every week!

Tortuga Logic raises $2 million to build chip-level security systems

"Tortuga Logic has raised $2 million in seed funding from Eclipse Ventures to help in their effort to maintain chip-level system security."

https://techcrunch.com/2017/11/16/tortuga-logic-raises-2-million-to-build-chip-level-security-systems/

Security vulnerability in IoT cameras could allow remote control by hackers

"Newly uncovered vulnerabilities in a popular brand of indoor internet-connected cameras could be exploited by attackers in order to gain complete control of the device."

http://www.zdnet.com/article/security-vulnerability-in-iot-cameras-could-allow-remote-control-by-hackers/

Security Firm Says Extremely Creepy Mask Cracks iPhone X's Face ID

"Less than a week after the iPhone X release, a Vietnamese security firm says it has done what others couldn't — trick the phone's facial recognition software. How? One very creepy mask."

https://www.npr.org/sections/thetwo-way/2017/11/13/563741014/security-firm-says-extremely-creepy-mask-cracks-iphone-xs-face-id

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 11/8/17

1 Comment

This Week In Hardware Security 11/8/17

Bringing you the latest in Hardware Security every week!

Eir replaced thousands of faulty modems over security worries

"20,000 modems were replaced by Eir after an investigation by the Data Protection Commissioner."

https://www.siliconrepublic.com/enterprise/eir-modems-replacements

Security Solutions Dominate Arm TechCon

"The hot topic at this year’s Arm TechCon conference was security, and Arm was not the only one hawking its wares."

http://www.electronicdesign.com/industrial-automation/security-solutions-dominate-arm-techcon

Want More Hardware Security News? Sign Up For Our Mailing List!

1 Comment

This Week In Hardware Security 11/1/17

Comment

This Week In Hardware Security 11/1/17

Bringing you the latest in Hardware Security every week!

Latest IoT DDoS Attack Could Affect Millions of Users Worldwide

"Cybersecurity experts warned that the Reaper Botnet can compromise all internet-connected devices."

https://koddos.net/blog/latest-iot-ddos-attack-affect-millions-users-worldwide/

Security flaw in LG IoT software left home appliances vulnerable

"LG has updated its software security after researchers found flaw that left dishwashers, washing machines, air conditioners, and even a robot vacuum cleaner accessible by hackers."

http://www.zdnet.com/article/security-flaw-in-lg-iot-software-left-home-appliances-vulnerable/

Want More Hardware Security News? Sign Up For Our Mailing List!

Comment