Windows & Linux Devices at Risk From Unsigned Peripheral Firmware

Reportedly, researchers from Eclypsium have discovered how a problem in peripheral devices can risk the security of entire systems. Specifically, they found that unsigned firmware in peripheral devices can allow an adversary to attack Windows, Linux systems. They have shared the details of their findings in a blog post.

As revealed, unsigned firmware in a large number of WiFi adapters, trackpads, USB Hubs, and cameras impact various enterprise devices. Despite being known for years, the researchers state that many vendors paid no heed to this problem. Consequently, this issue makes the systems vulnerable to cyber-attacks.

As stated in their post,

Many peripheral devices do not verify that firmware is properly signed with a high quality public/private key before running the code. This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted.

Thus, an attacker could simply execute codes on the target device via a malicious firmware image. The attacker can then use the privileges of the malicious component for further activities.

The following video demonstrates an attack scenario on the network interface. Whereas, technical details about the attack are available in the researchers’ post.

What Next?

The researchers elaborate that despite changes by some vendors, most of the peripheral devices’ makers haven’t taken the matter of unsigned firmware execution seriously enough. Consequently, the vulnerability poses a threat to the integrity of Windows and Linux devices, including laptops and servers.

Though, this problem does not affect Apple devices.

Apple performs signature verification on all files in a driver package, including firmware, each time before they are loaded into the device, to mitigate this type of attack. In contrast, Windows and Linux only perform this type of verification when the package is initially installed.

Hence, the device itself verifies the signature before a firmware update. And, in the current scenario, permitting unsigned firmware makes the devices vulnerable for good. Thus, Windows and Linux need to implement a similar signature verification approach before updating firmware.

Let us know your thoughts in the comments

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients