Most of the Printers and Webcams Open to Cyberattacks
Firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral in danger of being hacked, according to research from Eclypsium. A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution and denial of service. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found lacking secure firmware update with proper code-signing.
Firmware can be burned into the integrated circuit or the component may have its own flash memory where firmware is stored. Firmware can also be provided by the operating system at boot time. Regardless of the approach, firmware is used as the device-specific operating system for the peripherals, and can provide hackers many ways to hack into a system. Many peripheral devices do not verify that firmware is properly signed with a public/private key before running the code.
A hacker first gains access to a device by physical access or malware. Then, with basic user privileges, the hacker can write malicious firmware to a vulnerable component. If the component doesn't require the firmware to be properly signed, the hacker's code is loaded. Depending on the peripheral in question, this can lead to a number of malicious activity.
Firmware attacks allow malicious activity to bypass endpoint protections. The recent RobinHood ransomware attack used vulnerable drivers to bypass security protections and enable the ransomware. Unsigned firmware in peripheral devices remains a highly overlooked aspect of security. This aspect provides multiple pathways for hackers to infect laptops and servers. Once firmware on any of these components is infected, the malware stays undetected by any software security controls. Despite previous firmware attacks, peripheral manufacturers have been slow to adopt signing firmware. This leaves millions of Windows and Linux systems at risk of firmware attacks that can steal data, disrupt operations and deliver ransomware.