Vulnerable firmware everywhere

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
"(...) Computers contain a lot of firmware, all of which is
potentially vulnerable to hacking - everything from USB keyboards and
web cams to graphics and sound cards. Even computer batteries have
'There's firmware everywhere in your computer, and all of it is
risky,' says security researcher Karsten Nohl, who demonstrated last
year how he could embed malicious code in the firmware of USB sticks.
There's also firmware in all of our popular digital gadgets -
smartphones and smart TVs, digital cameras, and music players.
Most of it is vulnerable for the same reasons the firmware the
Equation Group targeted is vulnerable: it was never designed to be
'If everyone started fixing this now, it would probably be fixed on
most computers in five to ten years,' says Nohl. And that's only if
vendors feel pressure from consumers to provide firmware security.
Unfortunately, he says '[N]o one right now has an incentive to start
fixing it.'"

That's scary.


Re: Vulnerable firmware everywhere

Yrrah wrote:

Quoted text here. Click to load it

Question how would some one like you attack this firmware?
Hacking is the misuse of legitimate software. And the knowledge of code.

How many hackers have the knowledge of the code of firmware.

Nothing to worry about!

Re: Vulnerable firmware everywhere

Yrrah wrote:
Quoted text here. Click to load it

If the NSA has physical access to computer shipments,
it would be very very difficult to secure them from
every possible attack.

And I'm not going to give suggestions for new attack
vectors, if that was the idea of posting this :-)


Fixing this problem, would fix the "easy" attack vector.
Denying them this pleasure, would mean they'd only
expend more of the peoples money, using "expensive"
attack vectors.

What we should have, is computers secure against malware
attack. For example, if the BIOS could be flashed from
a malware program, we should close the vector for that,
we should include a Secure Boot idea, a code signing
or whatever, to stop it. In other words, the computer
should be protected from any style of attack that can be
mounted remotely.

But if someone has physical access to a computer,
they can stick a microphone inside there and record
your conversations. How would you protect against
that ? They could leave a half-eaten cheese sandwich
in there, and you would have no protection from it.


Re: Vulnerable firmware everywhere

Once upon a time on usenet Paul wrote:
Quoted text here. Click to load it

Damn! I never thought of that! Imagine a half-eaten cheese sandwich, mutated  
beyond recognition, hell-bent on getting revenge for its other half climbing  
out of your computer in the dead of night.....


"Humans will have advanced a long, long, way when religious belief has a  
cozy little classification in the DSM."
David Melville (in r.a.s.f1)  

Site Timeline