
Deep Dive: 5 Threats Affecting Hardware

Vitus White
Last updated: 13 October

We are used to dividing the concept of IT security into two unequal subcategories: hardware-centric and software-centric. Hardware is usually considered relatively safe and clean, as opposed to software, which is usually the layer suffering from bugs and malware.

Contents
  • #1: RAM
  • #2: Hard drives
  • #3: the USB interface
  • #4: the Thunderbolt interface
  • #5: BIOS


This value system has been functioning for quite a while; lately, however, it has been showing signs of changing. The firmware responsible for managing discrete hardware components has been getting increasingly complex and is subject to vulnerabilities and exploits. The worst thing is that in many cases existing threat detection systems are impotent.

To cast some light onto this alarming trend, let’s review the top 5 dangerous hardware vulnerabilities that have recently been found in today’s PCs.

#1: RAM

Our undisputed leader in the hardware threat hit-parade is the DDR DRAM security issue, which cannot be solved by any software patch. The vulnerability, dubbed Rowhammer, was unexpectedly provoked by progress in the silicon industry.

As IC geometry continues to shrink, the neighboring hardware elements soldered on the chip get closer to each other and start interfering. In today’s memory chips this phenomenon might result in spontaneous switching of the memory cells when getting a random electric pulse from the adjacent cells.

Until recently, it was widely acknowledged that this phenomenon was impossible to use in any real-life PoC exploit, which might help an attacker gain control over the affected PC. However, a team of researchers managed to escalate privileges on 15 out of 29 laptops using this PoC.

Rowhammer hardware exploit poses threat to DRAM memory in many laptops, PCs: https://t.co/z3Sr8L8SVy

— Eugene Kaspersky (@e_kaspersky) March 10, 2015

This is how the PoC functions: To ensure security, only a designated program or OS process is allowed to change a certain block in RAM. To put it simply, some important process functions are allowed inside of a well protected building, while other untrusted programs are left banging on the front door.

However, it turns out that if one stomps loudly in front of this door (i.e. changes the contents of memory cells too fast and too frequently), the door lock is bound to break down. Who knew locks got so unreliable these days…

Newer DDR4-based and parity-check-enabled RAM modules (which are way more expensive) can withstand this kind of attack. That’s the good news. The bad news is that a very large chunk of modern PC-dom is hackable by the attack referenced above, and there’s no remedy. The only feasible solution is replacement of all RAM modules.

#2: Hard drives

While we are on the subject of RAM, let’s cover hard drives. Thanks to the recent Kaspersky-commissioned research into the Equation cybercriminal group, we are now aware that the controller firmware in hard drives might contain a lot of interesting curios.

Indestructible malware by #Equation cyberspies exists, but don’t panic yet: https://t.co/a3rv49Cdnl #EquationAPT pic.twitter.com/Gaf0HCjHoY

— Kaspersky Lab (@kaspersky) February 17, 2015

For example, those include malware modules which hijack control over the affected PC and function, essentially, in ‘God mode.’ After a hack like this, a hard drive is damaged beyond repair: the controller firmware infected with malicious code hides the sectors containing malware and blocks any attempt to fix the firmware. Even formatting would be in vain: the most reliable method to get rid of the malware is physical destruction of the hacked hard drive.

The only solution to the Equation Group is destroying your hard drive http://t.co/pZhFXQzXMY #TheSAS2015 #Kaspersky

— Mikhail Vasin (@mikhailvasin) February 18, 2015

The good news here is that the attack is tedious work and a costly piece of hacking. That’s why the absolute majority of users can relax and not even think of the possibility of their HDDs being hacked, except, possibly, those in possession of data so valuable that the exorbitant expenses of the associated attack are justified.

#3: the USB interface

The third position in our rating is occupied by a vulnerability (a bit outdated yet still notorious) which affects the USB interface. Recent news wiped the dust off this long-familiar bug. As you know, the latest Apple MacBook and Google Pixel laptops are equipped with the universal USB port which is used, among other things, for plugging in a charger.

Nothing is wrong with that at first sight, and the newest USB revision presents an elegant approach to interface unification. However, connecting just any device through USB is not always safe. We have already told you about BadUSB, a critical vulnerability discovered last summer.

RT @e_kaspersky: BadUSB research: “You can’t trust anything you plug into your PC, not even a flash drive” http://t.co/XIk0CaBkFb

— Kaspersky Lab (@kaspersky) October 3, 2014

This bug allows malicious code to be injected into the USB device controller (whether that of a thumb drive, a keyboard, or anything else). No antivirus, including the most powerful products, is able to detect it there. Those who are extremely concerned about their data safety should listen to IT security experts, who recommend that you stop using USB ports altogether in order to mitigate the risks. As for the newest MacBook laptops, this advice is useless: the device has to be charged anyway!

“Of the 60 USB chip families not a single 1 consciously disabled the ability to be reprogrammed” https://t.co/oVxYI4Q2x0 #BadUSB

— Eugene Kaspersky (@e_kaspersky) November 18, 2014
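
Because the reprogrammed controller is out of reach of antivirus, a host-side control has to work from what a device declares about itself when it is plugged in. The following is an added example, not part of the original article: it reads a Linux sysfs USB tree and blocks any device that is not on an allowlist or that exposes an interface class it should not have, such as a flash drive that also declares a keyboard (HID) interface. The vendor/product IDs and the allowlist are constructed for illustration.

```python
import glob
import os

HID, MASS_STORAGE = 0x03, 0x08  # USB interface class codes

# Constructed allowlist: (idVendor, idProduct) -> interface classes the device may expose.
ALLOWLIST = {
    ("aaaa", "0001"): {HID},           # constructed ID: issued keyboard
    ("bbbb", "0002"): {MASS_STORAGE},  # constructed ID: approved flash drive
}

def _read(path):
    with open(path) as f:
        return f.read().strip()

def read_devices(root="/sys/bus/usb/devices"):
    """Collect IDs and declared interface classes from a sysfs USB tree."""
    devices = []
    for dev in sorted(glob.glob(os.path.join(root, "*"))):
        name = os.path.basename(dev)
        if ":" in name or name.startswith("usb"):
            continue  # skip interface nodes and root hubs
        if not os.path.exists(os.path.join(dev, "idVendor")):
            continue  # no device descriptor to judge
        ids = (_read(os.path.join(dev, "idVendor")),
               _read(os.path.join(dev, "idProduct")))
        # Interface nodes are named "<device>:<config>.<interface>".
        pattern = os.path.join(root, name + ":*", "bInterfaceClass")
        classes = {int(_read(p), 16) for p in glob.glob(pattern)}
        devices.append({"name": name, "id": ids, "classes": classes})
    return devices

def evaluate(device):
    """Return (decision, reason); anything not explicitly expected is blocked."""
    allowed = ALLOWLIST.get(device["id"])
    if allowed is None:
        return "block", "device not on allowlist"
    extra = device["classes"] - allowed
    if extra:
        names = ", ".join(f"0x{c:02x}" for c in sorted(extra))
        return "block", f"unexpected interface class {names}"
    return "allow", "matches allowlist"

if __name__ == "__main__":
    for d in read_devices():
        print(d["name"], d["id"], *evaluate(d))
```

On Linux the decision can be enforced through each device's `authorized` sysfs attribute. A reprogrammed controller can also report allowlisted IDs, so this check narrows exposure rather than proving a device clean.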

Skeptics might point out that it is impossible to inject malicious code into the charger (as it contains no data storage). But this ‘issue’ can be addressed by ‘enhancing’ the charger (a PoC describing the method of infecting an iPhone through the charger was presented over two years ago).

The new MacBook's single port comes with a major security risk http://t.co/jtdHw90Njw pic.twitter.com/I6dnKSN8xf

— The Verge (@verge) March 16, 2015

Having injected the malware into the charger, the only thing an attacker would have to take care of is placing the ‘Trojanized’ charger in a public area, or otherwise replacing the original charger if the attack is targeted.

#4: the Thunderbolt interface

#4 in our chart is another port-specific vulnerability, targeting Thunderbolt. As it happens, connecting a device via Thunderbolt may also be dangerous. A corresponding PoC targeting Mac OS X products was demonstrated by security researcher Trammell Hudson at the end of last year.

What You Should Know About the #Thunderstrike #Mac #Bootkit: https://t.co/x0Wpdwn5Et pic.twitter.com/Xu4e9h9T8o

— Kaspersky Lab (@kaspersky) January 15, 2015

Hudson created Thunderstrike, the first-ever bootkit targeting Apple’s OS, which leverages auxiliary modules booted from external devices connected via Thunderbolt. Once this is accomplished, the attacker can do anything to the affected PC.

As soon as Hudson’s research went live, Apple mitigated the risk of such an attack in the next OS update (OS X 10.10.2). However, according to Hudson, the patch is a temporary measure. The underlying principle of the vulnerability remains the same, so this is definitely a ‘to-be-continued’ story.

#5: BIOS

There were times when each PC motherboard BIOS developer used his own heavily guarded secret recipes. It was close to impossible to analyze the firmware, and a hacker would rarely be capable of finding bugs in those microprograms.

As UEFI gained traction, a considerable portion of the source code became common to different platforms, which made life a lot easier for PC vendors and BIOS developers alike, as well as for malware engineers.

For instance, the latest UEFI vulnerabilities may be used to overwrite the BIOS regardless of any security measures that might be in place, even the recently marketed, hip Windows 8 feature Secure Boot. It is a vendor-agnostic and deployment-specific issue found in a standard BIOS function.

New BIOS Implant, Vulnerability Discovery Tool to Debut at CanSecWest https://t.co/EuJc9bv6Tt

— Eugene Kaspersky (@e_kaspersky) March 20, 2015

The majority of the aforementioned threats are still exotic and unbeknownst to the majority of common users, and unlikely to be a frequent case. However, the situation may change very abruptly, and in a very short time we might all be nostalgic about the good old times when hard drive formatting was a fool-proof method of dealing with an infected PC.


Source: kaspersky.com

Vitus White October 13, 2022 October 7, 2022