Experts Reaction On Report: Millions Of Windows And Linux Systems Vulnerable To Cyber-attack

It has been reported that fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing.

Michael Barragry, Operations Lead and Security Consultant ,  Edgescan
February 19, 2020
Depending on the hardware that falls under the control of the firmware in question, this could lead to a multitude of attacks.
It seems a bit strange that software signing has become a modern standard when it comes to various programs and executables in general, whereas for firmware it has apparently been ignored on a massive scale. The practice of software signing ensures that an end-user can verify that what they are downloading is from a trusted source and has not been tampered with by a malicious actor somewhere along ....
[Read More >>]
Tim Mackey, Principal Security Strategist,  Synopsys CyRC
February 19, 2020
This is why the first principle of patch management is to know where the software came from as that’s where any patches need to also originate.
With supply chain cyber attacks on the rise in 2019, this research should serve as notice to software publishers that they are a critical component of the digital supply chain – regardless of what type of software they provide. In the case of insecure update mechanisms, or lack of cryptographically secure validation mechanisms for their software, they open the door for malicious attacks. This is ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :

In this article