Questions tagged [firmware]

166 questions
102
votes
9 answers

Buying a "Used" Router

I am buying a "new" router from an open-box sale at a company that liquidates eCommerce returns. Plan to use it for a home network at cottage. I'm a bit nervous that it could have been modified by whoever had it last. What are the main risks in…
GWR
  • 1,203
  • 2
  • 9
  • 11
40
votes
4 answers

How to know if firmware is stealing my information?

The recent news item Chinese Star N9500 Android smartphone contains factory-installed Trojan, says security firm has prompted me to think about firmware security. The news mentions the spyware is part of the device's firmware. This makes me worry:…
32
votes
1 answer

Should I worry about compromised firmware when reinstalling an OS?

I have a machine that I suspect to be compromised and am installing a new OS from a usb. I know that there have been cases of malware surviving this, and even BIOS-reflashing, and something about the malware hiding on other firmware. But how common…
CoolName
  • 331
  • 2
  • 5
29
votes
4 answers

How to verify if router firmware is legitimate

I have read that router firmware is supposed to be patched. How do I verify that the firmware update is indeed a unmodified version of the firmware? I know about signature checking, but how would I do this in regards to my router?
Bob
  • 291
  • 3
  • 4
29
votes
11 answers

What is the point of using an open source and secure OS if you are running it on a machine with closed source firmware?

I'm very interested in the OpenBSD OS, as it currently seems to me to be the option that takes security more seriously than its contemporaries. But as I was reading about it, it occurred to me that even if OpenBSD is all it claims to be, how does…
herzEGG
  • 399
  • 3
  • 5
27
votes
8 answers

Should firmware images for IoT be encrypted for security reasons?

When working with Internet of Things devices, is it recommend to obfuscate or encrypt firmware images pushed to clients? This to make reverse engineering harder. (They should be signed of course)
VC_work
  • 481
  • 4
  • 7
25
votes
4 answers

Safe to download router firmware over unencrypted HTTP?

I went to download the latest firmware for my router and noticed the download link is not HTTPS, so I sent the following email to the manufacturer: I went to look for new firmware for my Archer C7 router, but I saw that the download link is over…
Ian Phillips
  • 361
  • 3
  • 5
24
votes
8 answers

Detecting and removing Absolute persistence technology

Absolute persistence technology amounts to a persistent rootkit pre-installed by many device manufacturers (Acer, Asus, Dell, HP, Lenovo, Samsung, Toshiba, etc) to facilitate LoJack for laptops, and other backdoor services: The Absolute persistence…
sampablokuper
  • 1,961
  • 1
  • 19
  • 33
24
votes
5 answers

Do multiple routers increase security?

My traffic goes trough 6 routers in sequence. +----------+ +----------+ | | 192.168.3.2 | | | Internet | +---------->+ Router 4 | | | | | …
the french
  • 265
  • 3
  • 3
21
votes
2 answers

What is known about the capabilities of AMD's Secure Processor?

I've found a fair amount of research about what Intel's ME does, including the "Intel x86 considered harmful (Chapter 4 is about ME)" survey paper by Joanna Rutkowska, but I'm having a much harder time finding information about AMD's Secure…
mikkros
  • 211
  • 2
  • 4
19
votes
1 answer

Keyboard firmware hack - Linux vulnerable?

I see that Apple patched OS X to mitigate against K. Chen's famous Apple keyboard firmware hack. However: Apple keyboards can be used with computers running other operating systems; and in any case, other manufacturers' keyboards may be similarly…
sampablokuper
  • 1,961
  • 1
  • 19
  • 33
18
votes
2 answers

Can BIOS malware be installed from OS?

Can an OS vulnerability be exploited to install BIOS/UEFI/firmware malware (such as a keylogger)? I know BIOS is a "deeper" level than the OS. I know firmware based keyloggers exist. I know they can be installed by an adversary flashing the BIOS.…
Emma
  • 181
  • 1
  • 1
  • 3
16
votes
1 answer

How can anyone access Intel's "backdoor OS", MINIX?

I've read that all recent Intel-based machines include a secret MINIX-based OS, and that it even includes its own web-server. How does one access this OS's services from the main OS? Its purpose seems to be to be accessed through the network. How…
MWB
  • 303
  • 2
  • 11
15
votes
6 answers

Can the BadUSB exploit be prevented?

Recently I read a few things about the BadUSB exploit, for example: http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/ My understanding is that a device connected to USB can change its…
molotovsoda
  • 151
  • 1
  • 3
14
votes
2 answers

Write-protection at hardware level for security

It seems to me that to maximise server security, one ought - in addition to the usual security measures implemented in software - to prevent the overwriting of certain parts of the server system, such that only physical access will circumvent this…
sampablokuper
  • 1,961
  • 1
  • 19
  • 33
1
2 3
11 12