That laptop on your desk or server on a data center rack isn't so much a computer as a network of them. Its interconnected devices—from hard drives to webcams to trackpads, largely sourced from third parties—have their own dedicated chips and code as well. That represents a serious security problem: Despite years of warnings, those computers inside your computer remain disturbingly unprotected, offering an insidious and nearly undetectable way for sophisticated hackers to maintain a foothold inside your machine.
That's the helpful reminder provided by new research from security firm Eclypsium, which today released a report on components and PC peripherals connected to and inside of hundreds of millions of computers around the world. They found that a slew of network cards, trackpads, Wi-Fi adapters, USB hubs, and webcams all had firmware that could be updated with "unsigned" code that lacks any cryptographic verification In other words, it could be rewritten without any security check.
That sort of firmware hacking could allow any malware that manages to run on a victim computer to take control of those components and exploit them for everything from intercepting a computer's network communications to spying through its webcam. Worse still, it could hide in obscure components, making detection and mitigation nearly impossible.
"Your webcam is its own computer. Your touchpad is its own computer. The software they run is their firmware, and there are no checks to the authenticity of that firmware when they power on. They just blindly trust it," says Rick Altherr, an Eclypsium principal engineer who worked on the new firmware research. "An unprivileged user can actually modify the firmware on these devices and there are no checks to where that firmware came from or w ..
Support the originator by clicking the read the rest link below.
