Month: August 2017

Aleph Security: Secure Boot vuln in Qualcomm OnePlus 2

~ hucktech ~ Leave a comment

OnePlus 2 Lack of SBL1 Validation Broken Secure Boot
Aleph Research Advisory
CVE-2017-11105

OnePlus 2 (a 2015 Qualcomm Snapdragon 810 device) successfully boots with a tampered Secondary Bootloader (sbl1) partition although it is digitally-signed, hence it is not validated by its Primary Bootloader (PBL), maybe due to lenient hardware configuration. Attackers capable of tampering with the sbl1 partition can then disable the signature validation of the rest of the bootloader chain and other SBL-validated partitions such as TrustZone and ABOOT.[…]

https://alephsecurity.com/vulns/aleph-2017026
https://alephsecurity.com/2017/05/11/oneplus-ota/
https://oneplus.net/
https://nvd.nist.gov/vuln/detail/CVE-2016-10370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8850
https://github.com/OnePlusOSS
https://oneplus.net/2/oxygenos

 

 

Red Hat released RHEL 7.4

~ hucktech ~ Leave a comment

One new feature that is news to me:

USB Guard, a feature that allows for greater control over how plug-and-play devices can be used by specific users to help limit both data leaks and data injection.

https://www.redhat.com/en/about/press-releases/red-hat-bridges-hybrid-multi-cloud-deployments-latest-version-red-hat-enterprise-linux-7

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html

 

Internet of Things Cybersecurity Improvement Act of 2017

~ hucktech ~ Leave a comment

https://twitter.com/pwnallthethings/status/892429696494956545

https://twitter.com/Firminat0r/status/892391239160614912

http://www.reuters.com/article/us-usa-cyber-congress-idUSKBN1AH474