Tag: Internet of Things

  • Researchers discover security flaw on some Intel processors that allows firmware to bypass security

    This is why firmware updates exist.

    A flaw has been discovered in certain Intel chips that allows an attacker with physical access to the computer, a scenario known as an “evil maid attack,” to install malicious firmware onto the chip. The flaw was noted by Mark Ermolov, Dmitry Sklyarov (both from Positive Technologies) and Maxim Goryachy (an independent researcher).

    The flaw, tracked as CVE-2021-0146, is found in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms. The attacker could use debug and testing modes to extract the decryption key from the TPM module. If the TPM is also used to store a Windows BitLocker key, that protection can also be bypassed. Then, malicious firmware could be installed on the chip as a permanent backdoor.

    According to Ermolov:

    “The vulnerability is a debugging functionality with excessive privileges, which is not protected as it should be. To avoid problems in the future and prevent the possible bypassing of built-in protection, manufacturers should be more careful in their approach to security provision for debug mechanisms.”

    The flaw can affect a wide range of devices with these processors, such as cars, notebooks, medical equipment, home appliances, and various Internet of Things (IoT) products.

    Intel has stated that the company is actively working to patch the vulnerability, so make sure you install the latest software or firmware updates for your devices.

    It’s unknown exactly which Macs are affected by this.

    Stay tuned for additional details as they become available.

    Via The Mac Observer and Intel

  • Rumor: Apple to debut next-gen Apple Watch later this year, will take two-generation approach to models available

    The current rumor has it that Apple will continue to sell the Series 2 Apple Watch as well as release a new unit, dubbed the “Series 3,” thereby offering a choice of two generations of Apple Watch at different price points.

    According to inside sources, Quanta will remain the sole supplier of the Series 3 Apple Watch while a new supplier, Compal Electronics, will be added to the roster to continue production of older models.

    (more…)

  • Officials look into Friday’s Mirai-based DDoS, cite Apple’s HomeKit security protocol

    Following up on the large-scale distributed denial of service (DDoS) attack on Friday that temporarily took down large chunks of the Internet, it looks like Apple’s controversial “walled garden” approach to its HomeKit devices may have worked out.

    As detailed in recent reports, the attack, which also targeted unprotected “Internet of Things” (IoT) devices, focused on Dyn, an internet management company that provides DNS services to many major web entities.

    A series of repeated attacks caused websites including The Verge, Imgur and Reddit, as well as services like HBO Now and PayPal, to see slowdowns and extended downtimes. Follow-up waves played havoc with The New York Times, CNN, Netflix, Twitter and the PlayStation Network, among many others.

    (more…)