"Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs"

The firmware security company, Eclypsium, recently released a report that emphasizes the importance of creating secure mechanisms for updating a device's firmware. The companies that make hardware components such as Wi-Fi adapters, USB hubs, trackpads, and cameras, often fail to sign their firmware. Unsigned firmware can allow adversaries to insert a malicious firmware image to implant backdoors, redirect network traffic, exfiltrate data, and more. According to Eclypsium researchers, TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops, and the Wi-Fi adapter on Dell XPS laptops use insecure firmware update mechanisms. These findings call for more attention on unsigned firmware in peripherals as firmware vulnerabilities create opportunities for malicious actors to take full control over laptops and servers. This article continues to discuss the firmware weaknesses faced by Lenovo, HP, and Dell peripherals, how unsigned firmware updates impact the security of devices, and how vendors have responded to such vulnerabilities. 

Threatpost reports "Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs"

 

Submitted by Anonymous on