Friday, August 18, 2017

Tag: chipset

Cheaper, faster, and more feature-rich than Skylake-X—what's not to love?
Telematics torched in BMWs, Infinitis, Nissan Leaf and some Fords
A bunch of mid-age Ford, Infiniti, Nissan and BMW vehicles are carrying around a vulnerable chipset from Infineon that America's ICS-CERT reckons is easy to exploit.…
Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.
Ryzen 3 specs are also out, though prices haven't yet been finalized.
The new X299 platform replaces X99, and scales both lower and higher.
BlackBerry said Wednesday it has been awarded $815 million in an arbitration decision for excess royalties it had paid to chip company Qualcomm. Qualcomm and BlackBerry had entered into an agreement in April last year to arbitrate a dispute over whet...
Broadcom chips allow rogue Wi-Fi signals to execute code of attacker's choosing.
In October, a DDoS attack on Dyn's infrastructure took down a big chunk of the internet, making sites like Amazon and Twitter inaccessible.
It was the first major attack involving IoT (internet of things) devices.

Fortunately, it was also a benign attack: no one got hurt, no one died. However, the next attack could be catastrophic. No one knows when it will happen. No one knows the magnitude.

There are billions of IoT devices out there: web cameras, thermostats, doorbells, smart bulbs, refrigerators, heaters, ovens, and much more. IoT devices are low-hanging fruit for cybercriminals because, for all theoretical and practical purposes, a majority of these devices are insecure by design and insecure by default. It should be called IIoT: insecure internet of things.

Enough whining, is there any solution?

Nowadays many security experts are debating if the government should intervene through regulations to prevent any doomsday scenarios. As far as regulations are concerned, not much is going to happen until Donald J. Trump takes over the office. Mr. Trump is quite conservative about federal regulations and has publicly stated that for every new federal regulation, two existing regulations must be eliminated. In addition to that, trade organizations like the U.S. Chamber of Commerce and the Consumer Technology Association are against any regulations, citing that it will hinder innovation.

Either way, whether the government moves toward the development of such regulations or not, regulations alone can't solve the problem. Technical solutions are needed.

There are many technical and economic challenges when it comes to IoT security. A majority of IoT vendors are hardware manufacturers who make money by selling more hardware. They come up with newer versions of devices on a weekly basis. They don't have an incentive to support these devices once they are sold. At the same time, they also don't have any incentive to invest resources into making and keeping these devices secure. Software development, especially security, can be expensive when you are constantly chasing a moving target; cybercriminals are always a step ahead.

Security is not a one night stand

Security isn't something that you can ship with your device and forget about. No software is immune to bugs, and as Linus Torvalds said, these bugs can become security issues and smart developers can exploit them for malicious purposes. Most IoT devices run on Linux, and the Linux kernel community is doing an amazing job when it comes to security; they fix things immediately.

Greg Kroah-Hartman, the leading kernel developer, said during his keynote at CoreOS Fest, "There are over 10,800 lines of code added, 5,300 lines of code removed and over 1,875 lines of code modified. Every. Single. Day. That amounts to over 8 changes per second." No other software project, including those by Apple and Microsoft, can beat this speed of development.

That's where Kroah-Hartman gets upset with software and hardware vendors.

Even if these patches and changes are there in the kernel, these fixes don't reach target devices. "If you make a product with Linux and you can't update it, or any piece of software, it's dead. The environment changes. We're in a world and the joke is: The only thing that's constant is change," he told me in an interview. "You have to design your system so it can update itself."

There are systems that offer automated updates to mitigate the security issue. These systems include CoreOS, Chrome OS and even Android. But none of these systems are targeted at IoT devices.

Ubuntu Core enters the picture

Canonical, the parent company of Ubuntu, has developed a free and open source operating system called Ubuntu Core, specifically for IoT devices. It's designed from the ground up with security and ease of maintenance in mind, and it approaches IoT the way it should.

According to the IoT page of Ubuntu.com: Ubuntu Core is a tiny, transactional version of Ubuntu for IoT devices and large container deployments. It runs a new breed of super-secure, remotely upgradeable Linux app packages known as snaps ‐ and it's trusted by leading IoT players, from chipset vendors to device makers and system integrators.

I spoke with Jamie Bennett, Engineering Manager, Snappy Ubuntu, and he explained how Ubuntu Core works.
Software on an Ubuntu Core system is distributed as a snap. This packaging format makes it super easy for an Independent Software Vendor (ISV) to deliver software to an Ubuntu Core device. The actual route an ISV has to take to fix a vulnerability is:

- Fix the vulnerability in their code
- Use the snapcraft tool to create a new snap (which can also update a dependency within the snap, so if there is a vulnerability in any library they can easily upgrade their snap with the fixed version of that library)
- Upload this to the Ubuntu Store

"Afterward, all internet-connected Ubuntu Core devices will receive the update within 8hrs (we have a refresh mechanism on the device that checks for updates 4 times a day and downloads new versions of any software installed if it finds it in the Ubuntu Store). Note that this is the same for any software on the device, including Ubuntu Core itself. In a similar vein, if an OEM has their own software on the device they use the same mechanism to update their software too," said Bennett.

What it means is that the software component of the IoT device running Ubuntu Core will remain updated automatically, without any user or vendor intervention. In most cases, the devices won't even require a reboot, which means no downtime.

Could Ubuntu Core have avoided Dyn attack?

What if the devices involved in Dyn attack were running Ubuntu Core? Is it possible that Ubuntu Core could have prevented that attack?

"Yes, there are things that could have been done to prevent that particular attack, but the more important point is that we need to be able to learn and improve, and FIX issues on devices after they have shipped. That's the main improvement in Ubuntu Core, we can ALWAYS fix issues, on every device, almost entirely automatically," Mark Shuttleworth, the founder of Ubuntu and Canonical, told me. "We cannot say that Ubuntu Core is immune to attack, but we can be very confident that any detected attack can be addressed quickly and globally through automatic updates."

Can Ubuntu Core thwart future attacks?

"Security is about vigilance and responsiveness. There is no up-front strategy to avoid future attacks, it's more important to be able to fix things quickly and reliably," said Shuttleworth.

That's the crux. I see no reason for IoT vendors not to use systems like Ubuntu Core that offer optimum security and almost zero cost.

It ought to be super expensive

I hear you. But no. It's free of cost. Just like any other Ubuntu distribution, Ubuntu Core can be downloaded from the Ubuntu website today.

"Canonical offers support and extra services around this product, just like we do with the Ubuntu Desktop and Server (and other products). If a vendor wanted to use Ubuntu Core there is no up-front charge," said Bennett.

Win-win situation

IoT vendors don't have to do any extra work beyond what they are already doing. They don't have to invest in security or in system updates. "They can take a standard Linux system that a team of Canonical experts created and currently maintain, that is rigorously tested in-house, has security, updates, and rollback features baked in from the start, and has the ability to offer the OEM's customers a full application ecosystem on top, then that is pretty compelling," said Bennett.

There is a clear incentive for OEMs. They don't have to worry about the software, the security and updates of the devices. They can focus on creating great devices that are more secure, robust and extensible, which may translate into the sale of more devices.

Additionally, if such vendors do write any IoT-specific code and contribute that code as open source, they will benefit from each other's work by distributing and cutting the R&D and software development cost. No matter how you look at it, it's a win-win situation.

This article is published as part of the IDG Contributor Network.
Now ZyXEL and D-Link routers from Post Office and TalkTalk under siege

Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so.

Problems at the Post Office and TalkTalk both began on Sunday and collectively affected hundreds of thousands of surfers. Similar attacks against thousands of KCOM broadband users around Hull that started about the same time targeted users of telco-supplied routers. Thousands of punters at the smaller ISP were left without a reliable internet connection as a result of the assault, which targeted routers from Taiwanese manufacturer ZyXEL.

KCOM told El Reg that Mirai was behind the assault on its broadband customers, adding that: "ZyXEL has developed a software update for the affected routers that will address the vulnerability." The timing and nature of this patch remains unclear.

ZyXEL told El Reg that the problem stemmed from malicious exploitation of the maintenance interface (port 7547) on its kit, which it was in the process of locking down.

With malicious practice in place, unauthorised users could access or alter the device's LAN configuration from the WAN-side using TR-064 protocol. ZyXEL is aware of the issue and assures customers that we are handling the issue with top priority. We have conducted a thorough investigation and found that the root cause of this issue lies with one of our chipset providers, Econet, with chipsets RT63365 and MT7505 with SDK version #7.3.37.6 and #7.3.119.1 v002 respectively.

Last week a widespread attack on the maintenance interfaces of broadband routers affected the telephony, television, and internet service of about 900,000 Deutsche Telekom customers in Germany. Vulnerable kit from ZyXEL also cropped up in the Deutsche Telekom case. Other victims include customers of Irish ISP Eir where (once again) ZyXEL-supplied kit was the target.

The Post Office confirmed that around "100,000 of our customers" have been affected and that the attack had hit "customers with a ZyXEL router".

ZyXEL routers are not a factor in the TalkTalk case, where routers made by D-Link are under the hammer.

TalkTalk confirmed that the Mirai botnet was behind the attack against its customers, adding in the same statement that a fix was being rolled out.

Along with other ISPs in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm. A small number of customer routers have been affected, and we have deployed additional network-level controls to further protect our customers.

We do believe this has been caused by the Mirai worm – we can confirm that a fix is now in place, and all affected customers can reconnect to the internet. Only a small number of our customers have the router (a D-Link router) that was at risk of this vulnerability, and only a small number of those experienced connection issues.

The Post Office is similarly promising its customers that a fix is in the works.

Post Office can confirm that on 27 November a third party disrupted the services of its broadband customers, which impacted certain types of routers. Although this did result in service problems we would like to reassure customers that no personal data or devices have been compromised. We have identified the source of the problem and implemented a resolution which is currently being rolled out to all customers.

It's unclear who is responsible for the growing string of attacks on ISP customers across Europe or their motives. The mechanism of the attack is, however, all too clear.

Hackers are using the infamous Mirai malware or one of its derivatives to wreak havoc.

The IoT malware scans for telnet before attempting to hack into vulnerable devices, using a brute-force attack featuring 61 different user/password combinations, the various default settings of kit from various manufacturers. Up to 5m devices are up for grabs thanks to wide open management ports, according to some estimates.

Jean-Philippe Taggart, senior security researcher at Malwarebytes, said: "The leaked Mirai code, poorly secured remote administration on IoT devices, coupled with the recent availability of a Metasploit module to automate such attacks make for an ideal botnet recruitment campaign.

"So far, it seems the infection does not survive a reboot, but the malicious actors tend to disable access to the remote administration as part of the infection. This prevents the ISP from applying an update that would solve these issues. The botnet gains a longer life as users seldom reboot their routers unless they're experiencing a problem."

Other experts imply further attacks along the same lines are inevitable because the state of router security is poor and unlikely to improve any time soon.

Daniel Miessler, director of advisory services at IOActive, commented: "Recent attacks to Deutsche Telekom, TalkTalk and the UK Post Office will be felt by hundreds of thousands of broadband customers in Europe, but while the lights stay on and no one is in any real physical or financial danger, sadly nothing will change. IoT will remain fundamentally insecure.

"The current state of IoT security is in bad shape, and will get a whole lot worse before it gets any better. The Mirai botnet, which is powered by 100,000 IoT devices that are insecure by default, is just the most obvious and topical example."
The four chipset bugs could be exploited by attackers to gain control of a smartphone or tablet and access sensitive data, according to Check Point.

A set of security vulnerabilities in Qualcomm chipsets has put 900 million Android smartphones and tablets at risk of being taken over by hackers, according to researchers at security technology vendor Check Point Software Technologies.

At the DefCon 24 show in Las Vegas Aug. 7 and in a post on the company blog, Adam Donenfeld, a security researcher with Check Point, outlined the four vulnerabilities that he has pulled together under the name QuadRooter. The security flaws in the Qualcomm chipsets open up the Android devices to being taken over by hackers who can gain control and unrestricted access to personal and corporate information on them, Donenfeld wrote in the blog post.

Check Point reported the vulnerabilities to Qualcomm between February and April, and the vendor has released fixes for all four. However, Qualcomm's position as the world's largest mobile chip maker has put a wide range of devices at risk, and the fragmented nature of the Android market presents challenges to ensuring that all the smartphones and tablets can be protected in a timely fashion.

"QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets," Donenfeld wrote. "Qualcomm is the world's leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device. … If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio."

In a statement to journalists, Qualcomm officials said the company had "made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July."

According to Check Point officials, the vulnerabilities are in the software drivers in the chipsets, which makes any Android device using the chipsets exposed. The drivers control communications between components on the chipset, Donenfeld wrote. A problem is that because these vulnerable chipsets are built into the smartphones and tablets before they ship, they can only be fixed by installing a software patch from the device maker or carrier. Those companies get the patches through fixed driver packs from Qualcomm.

"This situation highlights the inherent risks in the Android security model," Donenfeld wrote. "Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data."

At the same time, older devices that are no longer supported may not get the update.

According to Check Point, an attacker can exploit the vulnerabilities by using a malicious app that doesn't need any special permissions, which may reduce the suspicion of any users considering downloading it.

Check Point has released a free scanner app in the Android Play store that end users can use to see if their devices are at risk from the QuadRooter vulnerabilities. Among the devices that use these chipsets from Qualcomm are Google's Nexus 5X, Nexus 6 and Nexus 6P, HTC's One, M9 and 10, the G4, G5 and V10 from LG Electronics, Samsung's Galaxy S7 and S7 Edge and Sony's Xperia Z Ultra, according to Check Point.

Check Point is urging users to download and install the latest Android updates as soon as they become available and to carefully examine any app installation request before accepting it to ensure it's legitimate. In addition, users should only download apps on Google Play and avoid apps found on third-party sites, and they should only use trusted WiFi networks or—when traveling—only use those that can be verified as coming from a trustworthy source.
Or buy something that doesn't use a Qualcomm Snapdragon

Another month means another double bundle of security vulnerability patches for Android.

Google is sticking to the twin-release pattern it used last month: the first batch addresses flaws in Android's system-level software that everyone should install, and the second squashes bugs in hardware drivers and kernel-level code that not everyone needs.

The first patch set closes holes in Android 4.4.4 to the current build. Owners of Nexus gear will get these patches over-the-air very soon; everyone else will have to wait for their gadget makers and cellphone networks to issue them – which might be forever, leaving them forever vulnerable.

These holes include programming blunders in Mediaserver that can be exploited by a specially crafted MMS or an in-browser media file to potentially execute malicious code on a device. Getting a bad text or visiting an evil webpage could be enough to slip spyware onto your device, provided it is able to defeat ASLR and other defense mechanisms.

Mediaserver has other bugs, including four elevation-of-privileges holes allowing installed apps to gain more control of a device than they should, and code cockups that can crash a handheld.

The remaining patches address information leakages in the Wi-Fi, camera, SurfaceFlinger and Mediaserver code, and OpenSSL, all of which can be abused by installed apps to "access sensitive data without permission." The full list is here:

Issue | CVE | Severity | Affects Nexus?
Remote code execution vulnerability in Mediaserver | CVE-2016-3819, CVE-2016-3820, CVE-2016-3821 | Critical | Yes
Remote code execution vulnerability in libjhead | CVE-2016-3822 | High | Yes
Elevation of privilege vulnerability in Mediaserver | CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826 | High | Yes
Denial of service vulnerability in Mediaserver | CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830 | High | Yes
Denial of service vulnerability in system clock | CVE-2016-3831 | High | Yes
Elevation of privilege vulnerability in framework APIs | CVE-2016-3832 | Moderate | Yes
Elevation of privilege vulnerability in Shell | CVE-2016-3833 | Moderate | Yes
Information disclosure vulnerability in OpenSSL | CVE-2016-2842 | Moderate | Yes
Information disclosure vulnerability in camera APIs | CVE-2016-3834 | Moderate | Yes
Information disclosure vulnerability in Mediaserver | CVE-2016-3835 | Moderate | Yes
Information disclosure vulnerability in SurfaceFlinger | CVE-2016-3836 | Moderate | Yes
Information disclosure vulnerability in Wi-Fi | CVE-2016-3837 | Moderate | Yes
Denial of service vulnerability in system UI | CVE-2016-3838 | Moderate | Yes
Denial of service vulnerability in Bluetooth | CVE-2016-3839 | Moderate | Yes

The second patch bundle contains fixes for driver-level code, and whether or not you need each of them depends on your hardware: if you have a chipset that introduces one of these vulnerabilities, you'll need to install a fix. Nexus owners will get these automatically as necessary; other phone and tablet manufacturers may roll them out as and when they feel ready. That could be never in some cases.

The bundle predominantly fixes problems with Qualcomm's driver software – Qualy being the dominant Android system-on-chip designer, and its Snapdragon SoCs are used pretty much everywhere.

These Qualcomm bugs are definitely ones to watch as these kinds of low-level flaws were used to blow apart Android's full-disk encryption system last month.

The patches include fixes for Qualcomm's bootloader, and Qualcomm drivers for cameras, networking, sound, and video hardware. A malicious app on a Qualcomm-powered phone or tablet could exploit these to gain kernel-level access – completely hijacking the device, in other words. An app could use these holes to root a Nexus 5, 5X, 6, 6P and 7 so badly it would need a complete factory reset to undo the damage.

There are other bugs fixed in this batch because they can be exploited by malicious applications on Qualcomm-powered devices to access "sensitive data without explicit user permission." The full list is below:

Issue | CVE | Severity | Affects Nexus?
Remote code execution vulnerability in Qualcomm Wi-Fi driver | CVE-2014-9902 | Critical | Yes
Remote code execution vulnerability in Conscrypt | CVE-2016-3840 | Critical | Yes
Elevation of privilege vulnerability in Qualcomm components | CVE-2014-9863, CVE-2014-9864, CVE-2014-9865, CVE-2014-9866, CVE-2014-9867, CVE-2014-9868, CVE-2014-9869, CVE-2014-9870, CVE-2014-9871, CVE-2014-9872, CVE-2014-9873, CVE-2014-9874, CVE-2014-9875, CVE-2014-9876, CVE-2014-9877, CVE-2014-9878, CVE-2014-9879, CVE-2014-9880, CVE-2014-9881, CVE-2014-9882, CVE-2014-9883, CVE-2014-9884, CVE-2014-9885, CVE-2014-9886, CVE-2014-9887, CVE-2014-9888, CVE-2014-9889, CVE-2014-9890, CVE-2014-9891, CVE-2015-8937, CVE-2015-8938, CVE-2015-8939, CVE-2015-8940, CVE-2015-8941, CVE-2015-8942, CVE-2015-8943 | Critical | Yes
Elevation of privilege vulnerability in kernel networking component | CVE-2015-2686, CVE-2016-3841 | Critical | Yes
Elevation of privilege vulnerability in Qualcomm GPU driver | CVE-2016-2504, CVE-2016-3842 | Critical | Yes
Elevation of privilege vulnerability in Qualcomm performance component | CVE-2016-3843 | Critical | Yes
Elevation of privilege vulnerability in kernel | CVE-2016-3857 | Critical | Yes
Elevation of privilege vulnerability in kernel memory system | CVE-2015-1593, CVE-2016-3672 | High | Yes
Elevation of privilege vulnerability in kernel sound component | CVE-2016-2544, CVE-2016-2546, CVE-2014-9904 | High | Yes
Elevation of privilege vulnerability in kernel file system | CVE-2012-6701 | High | Yes
Elevation of privilege vulnerability in Mediaserver | CVE-2016-3844 | High | Yes
Elevation of privilege vulnerability in kernel video driver | CVE-2016-3845 | High | Yes
Elevation of privilege vulnerability in Serial Peripheral Interface driver | CVE-2016-3846 | High | Yes
Elevation of privilege vulnerability in NVIDIA media driver | CVE-2016-3847, CVE-2016-3848 | High | Yes
Elevation of privilege vulnerability in ION driver | CVE-2016-3849 | High | Yes
Elevation of privilege vulnerability in Qualcomm bootloader | CVE-2016-3850 | High | Yes
Elevation of privilege vulnerability in kernel performance subsystem | CVE-2016-3843 | High | Yes
Elevation of privilege vulnerability in LG Electronics bootloader | CVE-2016-3851 | High | Yes
Information disclosure vulnerability in Qualcomm components | CVE-2014-9892, CVE-2014-9893, CVE-2014-9894, CVE-2014-9895, CVE-2014-9896, CVE-2014-9897, CVE-2014-9898, CVE-2014-9899, CVE-2014-9900, CVE-2015-8944 | High | Yes
Information disclosure vulnerability in kernel scheduler | CVE-2014-9903 | High | Yes
Information disclosure vulnerability in MediaTek Wi-Fi driver | CVE-2016-3852 | High | Yes
Information disclosure vulnerability in USB driver | CVE-2016-4482 | High | Yes
Denial of service vulnerability in Qualcomm components | CVE-2014-9901 | High | Yes
Elevation of privilege vulnerability in Google Play services | CVE-2016-3853 | Moderate | Yes
Elevation of privilege vulnerability in Framework APIs | CVE-2016-2497 | Moderate | Yes
Information disclosure vulnerability in kernel networking component | CVE-2016-4578 | Moderate | Yes
Information disclosure vulnerability in kernel sound component | CVE-2016-4569, CVE-2016-4578 | Moderate | Yes
Vulnerabilities in Qualcomm components | CVE-2016-3854, CVE-2016-3855, CVE-2016-3856 | High | No

Based on past experience, Nexus users are going to get both sets of patches within the next seven days. Other Android users may have to wait an awful lot longer – during which time, they'll be potentially vulnerable to attack. ®

PS: Yeah, yeah, BlackBerry's Priv and DTEK50 Androids get patches at the same time as Nexuses. We know.