Firmware, Hacking and Manufacturing - Cyber Security Informer

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. As of the publication, no publicly known vulnerabilities have been identified in the latest firmware version. x) may also be vulnerable. ” concludes the report.

Hacking

Hacking Firmware Software Manufacturing

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

GreyNoise worked with VulnCheck to disclose the two vulnerabilities responsibly. “The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. Affected devices use VHD PTZ camera firmware < 6.3.40 “Organizations using VHD PTZ camera firmware < 6.3.40

Firmware

Firmware Manufacturing IoT Healthcare

Hacking Hardware Security Modules

Schneier on Security

JUNE 20, 2019

Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. Here's a summary in English.

Firmware

Firmware Hacking Manufacturing Banking

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

Security Affairs

NOVEMBER 6, 2024

Security researcher Rick de Jager demonstrated the vulner ability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest. 0795 or above) Taiwanese manufacturer QNAP also patched three zero-day vulnerabilities that were exploited by security researchers during the recent Pwn2Own Ireland 2024.

Firmware

Firmware Manufacturing Hacking Media

Undocumented hidden feature found in Espressif ESP32 microchip

Security Affairs

MARCH 9, 2025

Experts discovered an undocumented hidden feature in the ESP32 microchip manufactured by Espressif, which is used in over 1 billion devices. At the RootedCON , researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif.

Manufacturing

Manufacturing IoT Firmware Mobile

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 5, 2024

The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. Affected devices use VHD PTZ camera firmware < 6.3.40 Organizations using VHD PTZ camera firmware < 6.3.40 VulnCheck alerted affected manufacturers to the flaws, only receiving a response from PTZOptics.

Firmware

Firmware Manufacturing Authentication IoT

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Researchers from firmware security firm Binarly now report that Bootkitty Linux UEFI bootkit exploits the LogoFAIL flaw CVE-2023-40238 to compromise systems running on vulnerable firmware.

Firmware

Firmware Manufacturing Malware Authentication

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Security Affairs

JANUARY 17, 2025

The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions.

Firmware

Firmware Technology Software Manufacturing

Attack Against PC Thunderbolt Port

Schneier on Security

MAY 12, 2020

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data. Intel responds.

Firmware

Firmware Manufacturing Encryption Hacking

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. his majesty, the Firmware).

IoT

IoT Hacking Firmware Advertising

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

. “One of the easiest methods for threat actors to compromise new hosts is to target outdated firmware or retired hardware.” Hardware manufacturers do not always issue patches for retired devices, and the manufacturer itself may sometimes be defunct. ” concludes the report.

Manufacturing

Manufacturing Malware Firmware IoT

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Wincor is currently owned by ATM manufacturer giant Diebold Nixdorf. ” reads the post published by Positive Techologies. Both issues received a CVSSv3.0 score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Encryption

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Security Affairs

FEBRUARY 1, 2022

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. SecurityAffairs – hacking, EUFI firmware).

Firmware

Firmware Manufacturing Malware Hacking

March to 5G could pile on heavier security burden for IoT device manufacturers

SC Magazine

APRIL 9, 2021

As the Department of Defense works on standards to dictate 5G rollout, security requirements may be too much for IoT manufacturers. Of course, many security hurdles for IoT device manufacturers are not specific to 5G. And how do you vet those firmware updates? In IoT, [manufacturers] want that low-cost sensor.

Manufacturing

Manufacturing IoT Firmware Architecture

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Our selection was based on: Device location (to cover the entire globe) Device manufacturer Protocols used to access the printers. Update your printer firmware to the latest version. SecurityAffairs – hacking, printers). Change the default password. . Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking IoT Firmware Internet

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

It’s not immediately clear which security vulnerabilities led to these estimated 250,000 MikroTik routers getting hacked by Meris. “The largest share belongs to the version of firmware previous to the current stable one.”

IoT

IoT DDOS Internet Internet

D-Link addressed three critical RCE in wireless router models

Security Affairs

SEPTEMBER 16, 2024

The manufacturer also addressed two high-severity vulnerabilities, tracked as CVE-2024-45696 and CVE-2024-45698. “We do not recommend that security researchers act in this manner, as they expose end-users to further risks without patches being available from the manufacturer.” DIR-X4860 A1 firmware version 1.00, 1.04

Wireless

Wireless Firmware Manufacturing Hacking

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. SecurityAffairs – hacking, routers). ” reads the advisory published by the experts.

Manufacturing

Manufacturing IoT Firmware VPN

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware

Firmware Advertising Manufacturing Malware

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

BadPower attack could burn your device through fast charging

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.” Pierluigi Paganini.

Firmware

Firmware Manufacturing Advertising Hacking

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Unfortunately, often manufacturers sell older OS versions as newer ones. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware

Malware Firmware Antivirus Manufacturing

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

Security Affairs

FEBRUARY 18, 2020

Successfully dumped the smartlock’s firmware. And after having successfully dumped the firmware we can proceed at extracting some valuable evidences for the forensics case. But it saves my time while hacking (I)IoT targets. SecurityAffairs – hacking IoT, Focaccia board). Focaccia-Board is nothing extraordinary.

IoT

IoT Hacking Firmware Advertising

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Security Affairs

MAY 2, 2021

A security duo has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The duo was planning to present the attack at the PWN2OWN 2020 hacking contest, but since it was moved online due to the COVID19 pandemic they opted to privately report the issues to the carmaker. “We

Hacking

Hacking Firmware Manufacturing Software

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. SecurityAffairs – hacking, LILIN).

Firmware

Firmware Surveillance Manufacturing Advertising

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Update the firmware on CompactRIO controllers to v8.5 Updating the firmware patches the Safe Mode where defaults are loaded.

Firmware

Firmware Manufacturing Software Authentication

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

” The IoT radio devices are manufactured by Imperial & Dabman (Series I and D) and are distributed in Germany by Telestar, but experts pointed out that it is possible to buy them via Ebay and Amazon by resellers. .” SecurityAffairs – IoT radio devices, hacking). . ” continues the experts. Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes.

Hacking

Hacking IoT Firmware Cybersecurity

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

Unfortunately, manufacturers often sell older OS versions as newer ones. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus

Antivirus Firmware Encryption Manufacturing

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Lenovo warns of flaws that can be used to bypass security features

Security Affairs

NOVEMBER 9, 2022

Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 The root cause of the flaws is the use of a vulnerable driver during the manufacturing process for some Lenovo devices that was mistakenly not deactivated. An attacker can exploit the flaws to disable UEFI Secure Boot.

Firmware

Firmware Manufacturing Hacking Software

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. After looking at 28 of the most popular manufacturers, our research team found 3.5 SecurityAffairs – hacking, IP cameras).

Surveillance

Surveillance Manufacturing Internet Internet

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware

Firmware Malware Hacking Manufacturing

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Roughly 50% of vulnerable devices is manufactured by Chinese company Hichip. Software-based remediation is unlikely due to the infeasibility of changing device UIDs, which are permanently assigned during the manufacturing process. Physical device recalls are unlikely as well because of considerable logistical challenges.

IoT

IoT Hacking Manufacturing Advertising

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. Some impacted models will not receive the firmware updates because they have reached the end-of-life (EoL). score: 9.8), impacting seven router models. impacting multiple devices.

Authentication

Authentication Firmware Manufacturing VPN

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.) In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware

Malware Firmware Manufacturing Advertising

Router Vulnerability and the VPNFilter Botnet

Schneier on Security

JUNE 11, 2018

That's the group behind a long list of attacks, including the 2016 hack of the Democratic National Committee. Pretty much no one patches their routers, so the vulnerabilities have remained, even if they were fixed in new models from the same manufacturers. Some of these models probably do not even have security patches available.

Malware

Malware Firmware Internet Internet

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. SecurityAffairs – hacking, FTTH devices ).

Firmware

Firmware Accountability Advertising Manufacturing

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems. The study focuses on the RUT241 and RUT955 cellular routers manufactured by Teltonika, and on the Remote Management System (RMS) provided by the vendor.

Hacking

Hacking Internet Internet Manufacturing

Mazda Connect flaws allow to hack some Mazda vehicles

PTZOptics cameras zero-days actively exploited in the wild

Trending Sources

Hacking Hardware Security Modules

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

Undocumented hidden feature found in Espressif ESP32 microchip

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Attack Against PC Thunderbolt Port

Android devices shipped with backdoored firmware as part of the BADBOX network

Hacking IoT & RF Devices with BürtleinaBoard

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

IoT Unravelled Part 3: Security

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

March to 5G could pile on heavier security burden for IoT device manufacturers

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

D-Link addressed three critical RCE in wireless router models

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

NSA publishes guidance on UEFI Secure Boot customization

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

BadPower attack could burn your device through fast charging

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

An RCE in Annke video surveillance product allows hacking the device

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Botnet operators target multiple zero-day flaws in LILIN DVRs

NI CompactRIO controller flaw could allow disrupting production

AMD is going to patch UEFI SMM callout privilege escalation flaw

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

Enhanced capabilities sustain the rapid growth of Vo1d botnet

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Lenovo warns of flaws that can be used to bypass security features

3.5m IP cameras exposed, with US in the lead

TrickBoot feature allows TrickBot bot to run UEFI attacks

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

ASUS fixed critical remote authentication bypass bug in several routers

xHelper, the Unkillable Android malware that re-Installs after factory reset

Router Vulnerability and the VPNFilter Botnet

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Stay Connected