Items tagged with Firmware
Well, this is disturbing. Russian security researcher Vladislav Yarmak is warning of a backdoor that exists in firmware for digital video recorder (DVR) and network video recorder (NVR) powered by HiSilicon system-on-chip (SoC) hardware. This is a zero-day vulnerability that could allow an attacker to gain root access to a compromised device, thereby giving them full control of the gadget. Yarmak says he discovered the vulnerability in firmware made by Hangzhou Xiongmai Technology, a Chinese firm based in Hangzhou. This is an unsettling trend with Xiongmai—back in late 2018, it was reported that over 9 million cameras and DVRs built by Xiongmail (and rebranded by several other companies)...
Read more...
Owners of certain models of Lenovo computers have found that their USB ports and Thunderbolt ports may not work as they should. Multiple Lenovo notebook models have been identified as having issues with their USB-C connectors. The faulty ports often begin to malfunction after six or 12 months of use. Users having problems with the ports report issues including HDMI output cutting out, an error message displayed for Thunderbolt ports, and more. Some affected devices fail to charge via the USB-C port with a USB-C adapter. Lenovo has acknowledged the issues and has offered a long list of impacted devices. For users with devices on the list, which can be seen below, Lenovo is offering a firmware...
Read more...
There's no question that we’re are living in relatively dangerous times with regards to cybersecurity concerns. There isn't a week that goes by that we don't hear of app malware, some large corporation's customers database being raided, or devices themselves being the subject of low-level attacks. The good news, however, is that Microsoft and a number of its hardware partners are working on solutions to help shore up the defenses of our PCs against malicious actors. Microsoft notes that the National Vulnerability Database has monitored a five-fold increase in firmware-based attacks on devices from 2016 to 2018. The company specifically calls out Russian-based APT28 group (aka...
Read more...
Last month reports were making the rounds that Microsoft had started to issue replacements for Surface Pro 4 devices that had screen issues due to faulty firmware updates. Some Surface Pro 4 owners were able to get Microsoft to give them a warranty replacement, and others were unsuccessful in getting that done. Microsoft has now stepped up and acknowledged the Surface Pro 4 firmware issue and all affected users will be able to get a warranty replacement for defective devices. Microsoft has acknowledged the display issues that owners of these devices are seeing is a direct result of the July firmware update for the tablet. That firmware update caused driver issues that had to do with the Surface...
Read more...
Back in October Google disabled the touch controls on the Google Home Mini after a flaw in the controls left the speaker listening to everything that was said in a home. The touch controls on the top of the unit were supposed to be used to activate the Google Assistant. Originally it was said that the touch controls were permanently removed from the speaker, but Google has reactivated the functionality in the latest preview firmware for the device. Rather than simply tapping the top of the Home Mini, you now have to long-press the side of the device. The functions returning with touch controls include pausing music, stopping alarms, ending a call and so on. If you want the Google Home Mini to...
Read more...
Around two years ago, researchers discovered serious firmware vulnerabilities in Mac laptops and desktops, and then developed a proof-of-concept worm to demonstrate how potentially damaging they could be. Since then, Apple has been pretty good about including EFI (extensible firmware interface) updates with its macOS security and software updates, though new evidence suggests it is not nearly enough. This time around, researchers at Duo Security took a detailed look at the firmware used in Mac systems, and found them to be lacking. This is the part of the system that makes a series of checks and instructs core components what to do, before loading up the operating system—in this instance, macOS....
Read more...
Microsoft recently announced a refresh to its Surface Pro 4 models with upgrades to Intel's latest generation processors (Kaby Lake). Part of the promise in upgrading to 7th generation Core CPUs is better batty life—Microsoft said its updated models offer up to 50 percent more run time than the previous generation with Skylake inside. To help meet that promise, Microsoft released new firmware for its Surface Pro 4. The newest firmware addresses battery life when the Surface Pro 4 goes into Sleep mode. This probably will not have a dramatic effect on things, though every little bit of additional run time that Microsoft can squeeze out of its popular 2-in-1 device is appreciated. Here is a look...
Read more...
Earlier this month, we informed you of a nasty vulnerability in certain Netgear routers that opened them up to remote exploits, including “arbitrary command injection” by nefarious parties. Four months after Netgear was first notified about the exploit, no response from the company (or fix) was provided, so a proof of concept was unleashed into the wild. Needless to say, the public reveal of the vulnerability kicked things into high gear for Netgear, and it issued beta firmware updates for the affected routers. While we initially thought that the vulnerability affected just three routers — the R6400, R7000, and R8000 — Netgear’s investigation found that additional routers were also compromised....
Read more...
It’s another day, and another backdoor Android exploit has been discovered. Last week, we brought you news of a secret backdoor installed on a number of budget Android devices that was beaming personal information (test messages, phone numbers, contacts) to servers in China. Today, we’re learning of another exploit that once again targets low-cost Android smartphones. At the center of the discussion this time around is the Ragentek firmware used on a number of Android smartphones. Researchers from BitSight Technologies discovered two internet domains that were hardwired into the firmware. Until recently these domains were unregistered, so BitSight took it upon itself to register the domains...
Read more...
If you’re a victim of severe battery drain on the Surface Pro 3 tablet, we’ve got some good news for you today -- a fix has been released for customers. Interestingly, Microsoft says that the battery drain only affected a “limited number” of Surface Pro 3 devices. In short, the battery’s full charge capacity was being reported incorrectly to the operating system, which lead to Surface Pro 3 devices failing while on battery power. “Think of this like a fuel gauge in a car, where the car looks to the fuel gauge to determine how much to fill the tank,” writes Microsoft while describing the problem. “In this case, if the fuel gauge isn’t working right, the car would also not be able to fill the tank—even...
Read more...
The last time Tesla released a major over-the-air (OTA) update for its Model S electric sedan, it improved upon the already stellar “Insane Mode” found on the dual-motor P85D. But Tesla CEO Elon Musk has something even more promising in store with a new OTA update that will be available to all Model S owners. Musk sent out the following tweet to his followers early this morning:Tesla press conf at 9am on Thurs. About to end range anxiety ... via OTA software update. Affects entire Model S fleet.— Elon Musk (@elonmusk) March 15, 2015 With TSLA stock taking a serious beating in recent months, there’s no question that Musk is looking to help restore some confidence in the company and this just may...
Read more...
Microsoft has begun doling out its October update for the Xbox One to preview program members. It's a pretty big update with somewhat of a heavy focus on improving Snap support. After applying the update, the Snap Center will include faster access to Friends, Messages, Game DVR, clock, and battery indicator when playing a game. A double tap of the Xbox button brings up the menu and allows you to open a new app in snap mode, close the current snapped app, or switch focus between your game and your running snapped app, Microsoft says. In addition, you'll be able to access your friends list and take actions like send message, invite, or join, all without leaving your game. You'll also be able to...
Read more...
A hacker (“Craig”) on a site devoted to embedded device hacking posted a lengthy entry detailing how he, on a whim and armed with boredom and too much Shasta cola, reverse-engineered a firmware update and found a backdoor to certain D-Link routers that allows one to access the devices’ web interface by bypassing authentication. Once you’ve bypassed the authentication process, you can change or access any of the router’s settings. For obvious reasons, this is a serious security problem. This happens if your browser has a certain user agent string. “This is performing a strcmp between the string pointer at offset 0xD0 inside the http_request_t structure and the...
Read more...
Woe is the PlayStation 3 gamer who jumped at the chance to install Sony's newest firmware update, version 4.45. After it was made available, it didn't take long for complaints to surface on Twitter, Reddit, and Sony's own support forum lamenting the fact that the update was bricking consoles, turning their gaming boxes into very expensive paperweights. Sony has since rolled back the firmware to the previous version (4.41) released in April as it looks into what went wrong. "Hi guys, we're aware of reports that the recent PS3 update (4.45) has caused. We have temporarily taken 4.45 offline and are investigating," Sony's PlayStation Europe division said in a statement on Twitter. Sony's made similar...
Read more...
