MITRE, CISA reveal dangerous hardware and software vulnerabilities


It’s been an active week for security vulnerabilities, with MITRE and the US Cybersecurity and Infrastructure Security Agency (CISA) revealing hundreds of critical vulnerabilities.

CISA ordered federal agencies to fix a list of nearly 300 vulnerabilities and encouraged private organizations to fix them as well.

CISA said the list will be updated whenever a vulnerability meets three criteria:

  • The vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) identifier
  • There is reliable evidence that the vulnerability has been actively exploited in the wild
  • There is a clear remedial action for the vulnerability, such as an update provided by the vendor

The vulnerabilities affect dozens of commercial and open source products, literally from A to Z, starting with Accellion and ending with ZyXEL.


MITRE tackles hardware vulnerabilities

Meanwhile, MITRE and the Hardware CWE Special Interest Group (SIG) have released a list of dangerous hardware weaknesses, with the aim of raising awareness and preventing major security issues.

The groups encourage both professionals and consumers to ask suppliers to provide more secure equipment. According to MITRE, managers and CIOs can use the list to measure progress in their efforts to secure their hardware and eliminate the underlying cause of the vulnerabilities.

According to MITRE, “Because hardware is not as easily patchable as software, any defect discovered after release and production generally cannot be corrected without a product recall.”


The complete MITRE CWE list

The unranked list contains 12 entries that categorize weaknesses found in the programming, design and architecture of hardware. Hackers can exploit these weaknesses to compromise computer systems, exfiltrate data, and even perform DDoS attacks. They are:

  • CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC) – multiplexing leads to resources being shared between trusted and untrusted agents.
  • CWE-1191: On-Chip Debug and Test Interface With Improper Access Control – the debugging interface (JTAG) can be used to bypass on-chip protection to extract information.
  • CWE-1231: Improper Prevention of Lock Bit Modification – an attacker can exploit a design or coding error in the implementation of the lock bit protection feature, which write-protects certain registers.
  • CWE-1233: Security-Sensitive Hardware Controls with Missing Lock Bit Protection – an attacker could use software to access registers and controls and modify the protected hardware configuration.
  • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation – a non-standard cryptographic implementation is quite difficult to correct and puts the whole system at risk.
  • CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State – untrusted debugging agents can access physical debugging or test interfaces.
  • CWE-1256: Improper Restriction of Software Interfaces to Hardware Features – if the device has poorly secured power management features, an attacker can compromise the device without physical access.
  • CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges – the memory protection unit (MPU) logic handles address overlap incorrectly, allowing lower-privileged software to read or write protected memory regions that are supposed to be modified only by software running with higher privileges.
  • CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition – state transitions can occur from one power or debug state to another, sometimes leading to access to sensitive information available in the previous state.
  • CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code – an attacker could bypass the secure boot process and execute their own untrusted, malicious boot code.
  • CWE-1277: Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk, with no possibility of correcting the weaknesses.
  • CWE-1300: Improper Protection of Physical Side Channels – an attacker can monitor and measure physical phenomena such as changes in power consumption, electromagnetic emissions (EME) or acoustic emissions to detect patterns and make inferences.

MITRE said not to view the list as an ordered set in terms of importance. All weaknesses are generally equal.
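
To make the CWE-1260 entry concrete, the following is an added example (not from MITRE or the original article): a simplified C model of MPU overlap resolution, showing a flawed resolver beside a stricter one plus a configuration-time overlap check. The region layout, privilege numbering and function names are assumptions for illustration, not any vendor's register interface.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified MPU model (assumption): higher min_priv means more privileged. */
typedef struct {
    uint32_t base, limit;   /* inclusive address range */
    uint8_t  min_priv;      /* lowest privilege level allowed to write */
} mpu_region;

/* Constructed sample: region 0 is a protected range, region 1 overlaps its upper half. */
const mpu_region sample[] = {
    { 0x20000000u, 0x20000FFFu, 2 },
    { 0x20000800u, 0x20001FFFu, 0 },
};
static bool covers(const mpu_region *r, uint32_t a) { return a >= r->base && a <= r->limit; }

/* Flawed: the highest-numbered matching region decides, overriding a stricter overlap. */
bool write_allowed_flawed(const mpu_region *t, size_t n, uint32_t addr, uint8_t priv) {
    for (size_t i = n; i-- > 0;)
        if (covers(&t[i], addr))
            return priv >= t[i].min_priv;
    return false;
}

/* Hardened: every matching region must permit the write (most restrictive wins). */
bool write_allowed_strict(const mpu_region *t, size_t n, uint32_t addr, uint8_t priv) {
    bool hit = false;
    for (size_t i = 0; i < n; i++)
        if (covers(&t[i], addr)) {
            if (priv < t[i].min_priv) return false;
            hit = true;
        }
    return hit;
}

/* Configuration-time check: reject a new region that overlaps a stricter existing one. */
bool region_add_ok(const mpu_region *t, size_t n, const mpu_region *nr, uint8_t caller_priv) {
    for (size_t i = 0; i < n; i++)
        if (nr->base <= t[i].limit && t[i].base <= nr->limit && caller_priv < t[i].min_priv)
            return false;
    return true;
}

int main(void) {
    printf("flawed=%d strict=%d\n", write_allowed_flawed(sample, 2, 0x20000900u, 0),
           write_allowed_strict(sample, 2, 0x20000900u, 0));
    return 0;
}
```

In the sample table, a privilege-0 write into the overlap is granted by the flawed resolver and refused by the strict one, and the configuration check would have rejected region 1 when a privilege-0 caller tried to add it.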

Five other vulnerability categories noted

Five additional categories were not part of the final list, but can still be used by analysts to mitigate security concerns:

  • CWE-226: Sensitive Information in Resource Not Removed Before Reuse – resources such as memory are constantly reallocated, but operating systems usually do not erase previously written information, which leads to information leakage.
  • CWE-1247: Improper Protection Against Voltage and Clock Glitches – circuits or sensors are implemented incorrectly, allowing fault attacks such as voltage and clock glitches, which are used to compromise the system.
  • CWE-1262: Improper Access Control for Register Interface – malware can exploit access to hardware features (memory-mapped I/O registers).
  • CWE-1331: Improper Isolation of Shared Resources in Network On Chip (NoC) – attackers can infer data and introduce network interference if the Network on Chip (NoC) does not isolate, or improperly isolates, its on-chip fabric and internal resources.
  • CWE-1332: Improper Handling of Faults that Lead to Instruction Skips – critical mechanisms such as firmware authentication or password verification can be disrupted by an attacker, causing the hardware to skip them.

How the MITRE List Can Help Mitigate Hardware Vulnerabilities

There are specific tests you can perform on a regular basis to help mitigate hardware attacks. It’s called hardware penetration testing, and it typically targets IoT devices such as desktops, tablets, smartphones, fax machines, printers, and many other electronic devices.

Professionals can use the CWE list to identify and mitigate exploitable vulnerabilities. For example, using older devices that do not support Secure Boot is a security risk.

Hackers can use firmware exploitation to compromise the network, because the firmware connects the operating system and the hardware. The most common firmware types are BIOS and UEFI. Firmware exploitation is dangerous because sometimes hackers can exploit vulnerabilities even before the boot sequence.

It is better to buy hardware with enhanced firmware protection (secure and verified boot). The older the firmware, the easier it is to hack. If you cannot update it (for example, CWE-1277), vulnerabilities cannot be patched, which puts consumers at constant risk as long as the device is in operation.
