"Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs"
Researchers from Eclypsium, have discovered new firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads, and cameras that are putting millions of peripheral devices in danger of a range of cyberattacks. Most of the vulnerabilities found are caused by a lack of proper code-signing verification and authentication for firmware updates. The lack of proper code signing verification can allow adversaries to conduct remote code execution, denial of service, and more. The researchers found that TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops, and the Wi-Fi adapter on Dell XPS laptops all lacked secure firmware update mechanisms with proper code-signing.
Threatpost reports: "Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs"