
The future of infections hardware exploits


7 replies to this topic

#1 SuperSapien64


Posted 23 July 2018 - 05:07 PM

With the rise of hardware exploits such as the Intel SPI Flash Flaw or RAMpage (https://www.bleepingcomputer.com/news/security/intel-spi-flash-flaw-lets-attackers-alter-or-delete-bios-uefi-firmware/ and https://www.bleepingcomputer.com/news/security/every-android-device-since-2012-impacted-by-rampage-vulnerability/), I believe this is just the beginning. We'll see more exploits like these two because it doesn't matter what OS you're using but what type of hardware you're using. Why bother trying to make a new exploit for Windows, Mac OS, Android, Linux, etc. when you can attack the CPU/Motherboard/RAM directly and compromise the whole system directly? And worst of all, how do you remove such malware? You would have to buy all new hardware, and that would be extremely expensive and time consuming.

 

Please share your thoughts.




 


#2 Replicator


Posted 24 July 2018 - 05:02 AM

> I believe this is just the beginning. We'll see more exploits like these two because it doesn't matter what OS you're using but what type of hardware you're using. Why bother trying to make a new exploit for Windows, Mac OS, Android, Linux, etc. when you can attack the CPU/Motherboard/RAM directly and compromise the whole system directly? And worst of all, how do you remove such malware? You would have to buy all new hardware, and that would be extremely expensive and time consuming.
>
> Please share your thoughts.

 

What you must consider is the goal of Blackhat hacking, that is ultimately to gain root access of the box, and hopefully the whole network this box is connected to.

Once root is gained, then you effectively have admin access which is seriously dangerous in the wrong hands.

 

Root access can be gained by exploiting Software in order to launch attacks against Hardware which then makes it way easier to gain root from.

 

 

The key here is that software is highly protected these days... Antivirus, Firewalls, browser hardening, Web application hardening and other highly fashioned methods of coded security.

Networks are fiercely protected with software security also, which makes it way more difficult to infiltrate for root even by the most persistent and talented hackers.

 

What protects Hardware? Yes, you're right, nothing!

 

This is the main reason that new hardware exploits are on the rise, but the major end game is still the same.....root access!

 

But you're right in a sense, why bother attempting to overcome multiple security layers that protect software when we have a more efficient method to gain root access that's fast becoming available.

Hardware hacking!

 

Hacking today is big business, the bad guys want less cost and greater efficiency, with increased productivity for time spent.

 

Let's face it, it's run like any other business is!

 

Hint: In order to successfully exploit any hardware, you must first gain access to it through exploiting a vulnerability in software, Yes?

Therefore Software will always be the first line of defense.... in a war they called this, "the front line", where the true battle begins!

i.e. Unless you let them in, they can't hurt you hardware wise, but once you do, they can gain root far more easily because there are no layers of security to bypass.


Edited by Replicator, 24 July 2018 - 05:25 AM.

The quieter you become, the more you are able to hear!
CEH, CISSP @ WhiteHat Computers Pty Ltd

 


#3 SuperSapien64


Posted 24 July 2018 - 06:22 PM

@ Replicator

 

You said: In order to successfully exploit any hardware, you must first gain access to it through exploiting a vulnerability in software, Yes?

Therefore Software will always be the first line of defense.... in a war they called this, "the front line", where the true battle begins!

i.e. Unless you let them in, they can't hurt you hardware wise, but once you do, they can gain root far more easily because there are no layers of security to bypass.

 

True, they would need to at least exploit the browser if not the firmware as well.

But if your hardware's firmware isn't up to date then you're screwed.



#4 Replicator


Posted 25 July 2018 - 12:10 AM

Yes, BIOS updates are becoming exceedingly important today!

 

Also any software that runs on your system that is not kept up-to-date, is a potential 'backdoor' into your valuable hardware!

 

Smartphones are all the rage for the bad guys today... we all protect our Desktops/Laptops etc. vigorously with firewalls, AVs and the like; however, most of us don't pay any attention to security on our Cells at all, and we connect these devices to our home and business networks.

 

Encryption and a decent AV should be a minimum. 


Edited by Replicator, 25 July 2018 - 12:11 AM.


 


#5 rp88


Posted 28 July 2018 - 04:22 PM

Post #2 "In order to successfully exploit any hardware, you must first gain access to it through exploiting a vulnerability in software"

I'm not sure if that is strictly true; for example, some business versions of Intel Management Engine (seriously, that thing should never have existed in the first place, and Intel should be forced to provide safe and reliable instructions for its permanent disablement, perhaps even a hardware toggle switch on all future computers sold) could be exploited by anything connected to the same network, even when the victim computer was powered off. Intel ME could react to a wake-on-LAN command so long as an Ethernet cable is plugged into the PC, without any higher-level software (BIOS/UEFI, operating system, browser...) even starting up, let alone needing to be bypassed.

And furthermore, although attacks only possible by a physically present attacker are far less concerning than remote ones, a physically present attacker hacking low-level hardware need never worry about how well defended the higher-level OS/browser software is; with physical access they can go straight to attacking the low-level stuff.

Edited by rp88, 28 July 2018 - 04:22 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 Replicator


Posted 31 July 2018 - 09:51 AM

Well ME consists of proprietary firmware running on a separate microprocessor?

 

To me, firmware means embedded software just like a BIOS?

 

Exploiting anything connected to the same network would require a higher-level software breach, and even a physical 'local' attack on so-called 'low-level' stuff would require a firmware breach (which is actually software).

But hey, I may be wrong!


Edited by Replicator, 31 July 2018 - 09:52 AM.


 


#7 SuperSapien64


Posted 02 August 2018 - 08:25 PM

I wonder if there are any hardware exploits for wireless routers? I know there are software exploits for them.


Edited by SuperSapien64, 02 August 2018 - 08:26 PM.


#8 Replicator


Posted 03 August 2018 - 09:05 AM

Would it surprise you to know that the 2 most vulnerable pieces of hardware that exist in your home network are your Wifi printer, and your Wifi router!

 

Why?

 

Have you ever purchased a brand new printer or router, only to discover that you're running the latest available firmware update... which is a year or so older than the actual device itself?

My conclusion on why is shared by many in the security industry.

 

In general Wifi routers are not designed with security in mind because manufacturers operate on small profit margins, and rush to get products to market as fast as possible rather than invest in secure development lifecycles!

Since most routers are vulnerable regardless of who made them, there is little incentive for secure development.

WiFi speeds are what it's all about, not security.

 

This fact was proven at the last DefCon 22 security conference which pitted hackers against 10 of the most popular router brands.

Most were hacked with elevated privileges... these included the latest models by Netgear, Dlink, TPlink, Linksys and Belkin.

 

My own personal penetration tests against my own network revealed multiple vulnerabilities in my January 2018 purchased Epson Workforce WF-2630 printer, as well as my 2017 Dlink AC1900 EXO Wireless router.

Vulns I found in the router included:

  • Stack overflow vulnerability caused by HNAP.
  • WAN & LAN XSS vulns.
  • Weak file permissions and credentials stored in clear text.
  • LAN DoS attack vulns against some of the running daemons.

 

Not so long ago I read security researcher Craig Young's recently published research showing that 80 percent of the 25 best-selling SOHO wireless router models available on Amazon had vulnerabilities.

 

This is concerning to me, but any attempts to contact the vendors for explanations have proved fruitless!

They believe only in superior router speeds which is what most customers desire.....fair enough! Little attention seems to be paid to internal security.

 

It's little wonder that router exploits are on the rise today, and yes Supersapien64, most are Firmware related.


Edited by Replicator, 03 August 2018 - 09:19 AM.


 




