DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
October 17, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 140 people online.

 

Latest Reviews
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
 

Follow us
RSS
 

Popular 3G LTE modem for laptops vulnerable to malware infection

Posted on Monday, August 10 2015 @ 10:49:43 CEST by


Mickey Shkatov and Jesse Michael from Intel's security group demonstrated at the Def Con security conference in Las Vegas how the firmware of a popular Huawei LTE model used in many laptops could be rewritten to infect the system with malware that survives a disk format.

The problem lies in the fact that the modem's firmware lacks a cryptographic signature verification, in itself this doesn't provide a vector for a malware attack but once your system is infected by malware this vulnerability gives malicious software a place to hide where it is extremely hard to detect.

The Intel researchers worked with Huawei on fixing the issue and the module now performs a secure boot, preventing the flashing of unauthorized firmware images.
The malicious firmware could be flashed by a malicious program that already runs on the computer, or by users themselves if an attacker tricks them into thinking that a new update is available.

If successful, the attack would provide a way to reinfect the main OS even if it is reinstalled. Moreover, the rogue firmware could be modified to ignore any subsequent firmware update requests, leaving the user with no option to recover from such a compromise, except for taking his laptop or tablet apart and pulling out the infected modem module.

Huawei has addressed the issue and the module now performs a secure boot, preventing the use of unauthorized firmware images, the researchers said, adding that the company has been very responsive and great to work with.
Full details at ComputerWorld.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba