Uncategorized

Yuriy working on new CHIPSEC Spectre test

Nice to see some recent CHIPSEC activity, given all the recent related CVEs…
…but this is not from the CHIPSEC team; it is from ex-CHIPSEC team member Yuriy of Eclypsium.

Added new module checking for Spectre variant 2
The module checks whether the system is affected by Speculative Execution Side Channel vulnerabilities. Specifically, the module verifies that the system supports hardware mitigations for Branch Target Injection, a.k.a. Spectre Variant 2 (CVE-2017-5715).

See source comments for more info.

https://github.com/c7zero/chipsec/commit/b11bce8a0ed19cbe1d6319ef9928a297b9308840
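To make the kind of check such a module performs concrete, here is an added example (not Yuriy's module and not CHIPSEC's own code) that decodes the Intel hardware-mitigation bits for Branch Target Injection: CPUID.(EAX=7,ECX=0):EDX reports IBRS/IBPB and STIBP support and whether the IA32_ARCH_CAPABILITIES MSR exists, IA32_ARCH_CAPABILITIES reports enhanced IBRS, and IA32_SPEC_CTRL shows what the OS has currently enabled. The register values are constructed samples; on a real system they would come from CPUID and RDMSR (for example through CHIPSEC's helper), and the PASSED/WARNING/FAILED classification is this example's own assumption.

```python
# Spectre v2 (BTI, CVE-2017-5715) hardware-mitigation decoder. Register
# values here are constructed samples, not reads from a real machine.

# CPUID.(EAX=7,ECX=0):EDX feature bits (Intel speculative-execution mitigation docs)
CPUID7_EDX_IBRS_IBPB = 1 << 26   # IBRS and IBPB supported
CPUID7_EDX_STIBP     = 1 << 27   # single-thread indirect branch predictors
CPUID7_EDX_ARCH_CAP  = 1 << 29   # IA32_ARCH_CAPABILITIES MSR present

IA32_ARCH_CAPABILITIES = 0x10A   # MSR address
ARCH_CAP_IBRS_ALL      = 1 << 1  # enhanced IBRS: set IBRS once, always on
ARCH_CAP_RSBA          = 1 << 2  # RSB underflow may fall back to the BTB

IA32_SPEC_CTRL  = 0x48           # MSR address
SPEC_CTRL_IBRS  = 1 << 0
SPEC_CTRL_STIBP = 1 << 1


def decode_bti_mitigations(cpuid7_edx, arch_cap=0, spec_ctrl=0):
    """Return a dict of BTI hardware support flags and current enable state."""
    hw = {
        "ibrs_ibpb": bool(cpuid7_edx & CPUID7_EDX_IBRS_IBPB),
        "stibp": bool(cpuid7_edx & CPUID7_EDX_STIBP),
        "arch_cap_msr": bool(cpuid7_edx & CPUID7_EDX_ARCH_CAP),
    }
    # ARCH_CAPABILITIES bits only mean something if CPUID says the MSR exists
    hw["ibrs_all"] = hw["arch_cap_msr"] and bool(arch_cap & ARCH_CAP_IBRS_ALL)
    hw["rsba"] = hw["arch_cap_msr"] and bool(arch_cap & ARCH_CAP_RSBA)
    # SPEC_CTRL bits only mean something if the CPU advertises the feature
    hw["ibrs_enabled"] = hw["ibrs_ibpb"] and bool(spec_ctrl & SPEC_CTRL_IBRS)
    hw["stibp_enabled"] = hw["stibp"] and bool(spec_ctrl & SPEC_CTRL_STIBP)
    return hw


def bti_verdict(hw):
    """Classify hardware support only (assumed scheme): FAILED/WARNING/PASSED."""
    if not hw["ibrs_ibpb"]:
        return "FAILED"   # no hardware mitigation: microcode/firmware update needed
    if not hw["stibp"]:
        return "WARNING"  # IBRS/IBPB present but no STIBP for sibling threads
    return "PASSED"


# Constructed samples: pre-update CPU, updated CPU with the OS using IBRS,
# and a newer CPU reporting enhanced IBRS via IA32_ARCH_CAPABILITIES.
SAMPLES = {
    "old": (0x00000000, 0, 0),
    "updated": (CPUID7_EDX_IBRS_IBPB | CPUID7_EDX_STIBP, 0, SPEC_CTRL_IBRS),
    "eibrs": (CPUID7_EDX_IBRS_IBPB | CPUID7_EDX_STIBP | CPUID7_EDX_ARCH_CAP,
              ARCH_CAP_IBRS_ALL, 0),
}

if __name__ == "__main__":
    for name, regs in SAMPLES.items():
        hw = decode_bti_mitigations(*regs)
        print(f"{name:8s} {bti_verdict(hw)} {hw}")
```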


Standard
Uncategorized

system-bus-radio: Transmits AM radio on computers without radio transmitting hardware

Transmits AM radio on computers without radio transmitting hardware. Some computers are intentionally disconnected from the rest of the world. This includes having their internet, wireless, Bluetooth, USB, external file storage and audio capabilities removed. This is called “air gapping”. Even in such a situation, this program can transmit radio. Publicly available documents already discuss exfiltration from secured systems using various electromagnetic radiations. Run this using a 2015 model MacBook Air. Then use a Sony STR-K670P radio receiver with the included antenna and tune it to 1580 kHz on AM. You should hear the “Mary Had a Little Lamb” tune playing repeatedly.

https://github.com/fulldecent/system-bus-radio

https://fulldecent.github.io/system-bus-radio/

Standard
Uncategorized

Hacking the fx-CP400 part 1: getting the firmware


https://the6p4c.github.io/2018/01/15/hacking-the-gc-part-1.html

https://www.casio.com/products/calculators/graphing/classpad-fx-cp400

SPOILER alert:

[…] Soon enough, I’ll write a Part 2 exploring the firmware image itself and the interesting SuperH architecture it runs upon. Thanks for reading this far. If there’s anything I can improve on in my writing, I’d love to hear it, send your constructive criticism my way!

Standard
Uncategorized

INTEL-SA-00104 security advisory: Intel NUC and Infineon TPM

Intel® NUC Kit with Infineon Trusted Platform Module

Intel ID: INTEL-SA-00104
Product family: Intel® NUC Kit
Impact of vulnerability: Information Disclosure
Severity rating: Important
Original release: Jan 16, 2018
Last revised: Jan 16, 2018

Certain Intel® NUC systems contain an Infineon Trusted Platform Module (TPM) that has an information disclosure vulnerability as described in CVE-2017-15361.

Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration algorithms for prime number finding, which are common practice today for RSA key generation. For more information please reference the public advisory issued by Infineon.

Intel highly recommends users make sure they have the appropriate Windows operating system patches to work around this vulnerability.

For customers that require a firmware upgrade please contact Intel Customer Support at https://www.intel.com/content/www/us/en/support.html for assistance.

All newly manufactured Intel® NUC systems that contain the Infineon TPM have been updated with the updated firmware from Infineon.


https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00104&languageid=en-fr


Standard
Uncategorized

Tianocore Security Advisory 27: Minnowboard UEFI Variable Deletion/Corruption

Tianocore EDK2 security advisory page has been updated, for the first time since 2016! It looks like a single entry:

https://edk2-docs.gitbooks.io/security-advisory/content/

27. UEFI Variable Deletion/Corruption

Description: An input validation error in MinnowBoard 3 Firmware versions prior to 0.65 allows a local attacker to cause denial of service via UEFI APIs.

Recommendation: This update improves input validation by firmware and is strongly recommended. For firmware development projects, incorporate the updates in https://github.com/tianocore/edk2-platforms/tree/devel-MinnowBoard3-UDK2017. When using MinnowBoard 3, update to version 0.65 or later. Updated firmware is available at https://firmware.intel.com/projects/minnowboard3

Acknowledgments: Reported by Intel.

References: CVE-2017-5699

The referenced CVE entry is still empty; hopefully someone at Intel/MITRE/NIST will take care of that sometime.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5699
https://nvd.nist.gov/vuln/detail/CVE-2017-5699


Standard
Uncategorized

Redfish 2017.3 released

Redfish Specification v1.4.0 is released.


DMTF’s Redfish Version 2017.3 is now available. Version 2017.3 adds new schemas for BootOption, Assembly, Protocol, and more.

https://www.dmtf.org/sites/default/files/DSP8010_2017.3.zip
http://www.dmtf.org/standards/redfish
http://redfish.dmtf.org/
https://www.dmtf.org/content/redfish-release-january-2018


Standard
Uncategorized

Opensource.com: analyzing the Linux boot process

Nice introductory article.

Analyzing the Linux boot process
16 Jan 2018
Alison Chaiken
The oldest joke in open source software is the statement that “the code is self-documenting.” Experience shows that reading the source is akin to listening to the weather forecast: sensible people still go outside and check the sky. What follows are some tips on how to inspect and observe Linux systems at boot by leveraging knowledge of familiar debugging tools. Analyzing the boot processes of systems that are functioning well prepares users and developers to deal with the inevitable failures.[…]

https://opensource.com/article/18/1/analyzing-linux-boot-process

Summary of early kernel boot process.

Standard