A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, NETGEAR and other major vendors.
Search Results for "firmware"
Experts Propose Standard for IoT Firmware Updates
Bleeping Computer reported that a new proposal submitted to the Internet Engineering Task Force (IETF) defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Insecure software updates for embedded devices (aka ‘firmware’) have been a frequent source of security lapses on mobile and embedded devices like Internet connected webcams. Filed on October 30, the “IoT Firmware Update Architecture,” establishes security requirements for device makers to implement when designing firmware update mechanisms for connected devices. A familiar list of features The proposed rules include features that have long been recommended by security experts to permit safe handling of software updates. Among them the use of cryptographically signed updates and public key cryptography to provide end-to-end security and verify firmware images, as well as the ability to work with low-power and resource constrained IoT devices. Firmware has been the source of widespread security issues. For example, low-cost […]
Updated: Intel Fixes ‘Nightmarish’ Firmware Flaw But Nobody’s Safe
In-brief: Intel issued a patch for a serious vulnerability in firmware that has shipped with its chipsets for almost nine years, but it could take months for patches to reach affected customers from OEMs. (Editor’s note: updated with analysis from Matthew Garrett. PFR May 2, 2017.)
Flaw Lets Hackers Own Samsung Smartcams With Bogus Firmware
In-brief: a flaw in Samsung’s Smartcam product could allow remote attackers to take control of the devices. The news comes two years after Samsung took steps to patch other flaws in its Internet connected cameras.
Another Week, Another Dangerous Mobile Firmware Vulnerability
In-brief: The security firm Anubis Networks said in a blog post that it has discovered a mystery code by the firm Ragentek that is used in a number of low-cost Android smart phones, used across 55 different device models.