Items tagged with Firmware
Earlier this week, we reported on a rising trend of cybersecurity incidents worldwide, leading to the end of many businesses. Now, Microsoft is reporting that firmware attacks are also on the rise. Thus, Microsoft is working to help quell the problem in the future with new comprehensive investments into security. As Microsoft explains, “cybersecurity threats are always evolving,” in response to cybersecurity professionals evolving, which proves to be a vicious cycle. However, it appears that firmware attacks are “outpacing investments targeted at stopping them.” This is partly due to misdirected investments and is “exacerbated by a lack of awareness and a lack of...
Read more...
Attackers with physical access to a device can generally do the most damage to a machine. This remains true with CVE-2020-8705, where an attacker with physical access can gain control of the system firmware while the device resumes from a sleep state. This means there could be privilege escalations, data loss, and more depending on what the primary motives of the attacker. Therefore, Intel users need to patch their systems and prevent unwanted physical access. According to Trammell Hudson, CVE-2020-8705, or “Sleep Attack,” occurs when Intel x86 computers enter the sleep state called “S3.” The sleep state turns off the CPU but keeps the DRAM powered, so the CPU state must...
Read more...
Users of the Samsung Galaxy S20 line of smartphones have received several firmware updates for the devices since they launched. The last update for the S20 family that was released globally had several issues in particular for Galaxy S20 Ultra owners. Among the issues was a green tint to the display with the high refresh rate mode enabled, and the Galaxy S20 Ultra saw slower superfast charging after the update was applied than when it launched. The issues have apparently led Samsung to pull the firmware off the market entirely. Galaxy S20 Ultra owners yet to download the update, which was firmware version G988xXXU1ATCT, will be unable to do so. The firmware update is reportedly no longer available...
Read more...
Well, this is disturbing. Russian security researcher Vladislav Yarmak is warning of a backdoor that exists in firmware for digital video recorder (DVR) and network video recorder (NVR) powered by HiSilicon system-on-chip (SoC) hardware. This is a zero-day vulnerability that could allow an attacker to gain root access to a compromised device, thereby giving them full control of the gadget. Yarmak says he discovered the vulnerability in firmware made by Hangzhou Xiongmai Technology, a Chinese firm based in Hangzhou. This is an unsettling trend with Xiongmai—back in late 2018, it was reported that over 9 million cameras and DVRs built by Xiongmail (and rebranded by several other companies)...
Read more...
Owners of certain models of Lenovo computers have found that their USB ports and Thunderbolt ports may not work as they should. Multiple Lenovo notebook models have been identified as having issues with their USB-C connectors. The faulty ports often begin to malfunction after six or 12 months of use. Users having problems with the ports report issues including HDMI output cutting out, an error message displayed for Thunderbolt ports, and more. Some affected devices fail to charge via the USB-C port with a USB-C adapter. Lenovo has acknowledged the issues and has offered a long list of impacted devices. For users with devices on the list, which can be seen below, Lenovo is offering a firmware...
Read more...
There's no question that we’re are living in relatively dangerous times with regards to cybersecurity concerns. There isn't a week that goes by that we don't hear of app malware, some large corporation's customers database being raided, or devices themselves being the subject of low-level attacks. The good news, however, is that Microsoft and a number of its hardware partners are working on solutions to help shore up the defenses of our PCs against malicious actors. Microsoft notes that the National Vulnerability Database has monitored a five-fold increase in firmware-based attacks on devices from 2016 to 2018. The company specifically calls out Russian-based APT28 group (aka...
Read more...
Last month reports were making the rounds that Microsoft had started to issue replacements for Surface Pro 4 devices that had screen issues due to faulty firmware updates. Some Surface Pro 4 owners were able to get Microsoft to give them a warranty replacement, and others were unsuccessful in getting that done. Microsoft has now stepped up and acknowledged the Surface Pro 4 firmware issue and all affected users will be able to get a warranty replacement for defective devices. Microsoft has acknowledged the display issues that owners of these devices are seeing is a direct result of the July firmware update for the tablet. That firmware update caused driver issues that had to do with the Surface...
Read more...
Back in October Google disabled the touch controls on the Google Home Mini after a flaw in the controls left the speaker listening to everything that was said in a home. The touch controls on the top of the unit were supposed to be used to activate the Google Assistant. Originally it was said that the touch controls were permanently removed from the speaker, but Google has reactivated the functionality in the latest preview firmware for the device. Rather than simply tapping the top of the Home Mini, you now have to long-press the side of the device. The functions returning with touch controls include pausing music, stopping alarms, ending a call and so on. If you want the Google Home Mini to...
Read more...
Around two years ago, researchers discovered serious firmware vulnerabilities in Mac laptops and desktops, and then developed a proof-of-concept worm to demonstrate how potentially damaging they could be. Since then, Apple has been pretty good about including EFI (extensible firmware interface) updates with its macOS security and software updates, though new evidence suggests it is not nearly enough. This time around, researchers at Duo Security took a detailed look at the firmware used in Mac systems, and found them to be lacking. This is the part of the system that makes a series of checks and instructs core components what to do, before loading up the operating system—in this instance, macOS....
Read more...
Microsoft recently announced a refresh to its Surface Pro 4 models with upgrades to Intel's latest generation processors (Kaby Lake). Part of the promise in upgrading to 7th generation Core CPUs is better batty life—Microsoft said its updated models offer up to 50 percent more run time than the previous generation with Skylake inside. To help meet that promise, Microsoft released new firmware for its Surface Pro 4. The newest firmware addresses battery life when the Surface Pro 4 goes into Sleep mode. This probably will not have a dramatic effect on things, though every little bit of additional run time that Microsoft can squeeze out of its popular 2-in-1 device is appreciated. Here is a look...
Read more...
Earlier this month, we informed you of a nasty vulnerability in certain Netgear routers that opened them up to remote exploits, including “arbitrary command injection” by nefarious parties. Four months after Netgear was first notified about the exploit, no response from the company (or fix) was provided, so a proof of concept was unleashed into the wild. Needless to say, the public reveal of the vulnerability kicked things into high gear for Netgear, and it issued beta firmware updates for the affected routers. While we initially thought that the vulnerability affected just three routers — the R6400, R7000, and R8000 — Netgear’s investigation found that additional routers were also compromised....
Read more...
It’s another day, and another backdoor Android exploit has been discovered. Last week, we brought you news of a secret backdoor installed on a number of budget Android devices that was beaming personal information (test messages, phone numbers, contacts) to servers in China. Today, we’re learning of another exploit that once again targets low-cost Android smartphones. At the center of the discussion this time around is the Ragentek firmware used on a number of Android smartphones. Researchers from BitSight Technologies discovered two internet domains that were hardwired into the firmware. Until recently these domains were unregistered, so BitSight took it upon itself to register the domains...
Read more...
If you’re a victim of severe battery drain on the Surface Pro 3 tablet, we’ve got some good news for you today -- a fix has been released for customers. Interestingly, Microsoft says that the battery drain only affected a “limited number” of Surface Pro 3 devices. In short, the battery’s full charge capacity was being reported incorrectly to the operating system, which lead to Surface Pro 3 devices failing while on battery power. “Think of this like a fuel gauge in a car, where the car looks to the fuel gauge to determine how much to fill the tank,” writes Microsoft while describing the problem. “In this case, if the fuel gauge isn’t working right, the car would also not be able to fill the tank—even...
Read more...
The last time Tesla released a major over-the-air (OTA) update for its Model S electric sedan, it improved upon the already stellar “Insane Mode” found on the dual-motor P85D. But Tesla CEO Elon Musk has something even more promising in store with a new OTA update that will be available to all Model S owners. Musk sent out the following tweet to his followers early this morning:Tesla press conf at 9am on Thurs. About to end range anxiety ... via OTA software update. Affects entire Model S fleet.— Elon Musk (@elonmusk) March 15, 2015 With TSLA stock taking a serious beating in recent months, there’s no question that Musk is looking to help restore some confidence in the company and this just may...
Read more...
Microsoft has begun doling out its October update for the Xbox One to preview program members. It's a pretty big update with somewhat of a heavy focus on improving Snap support. After applying the update, the Snap Center will include faster access to Friends, Messages, Game DVR, clock, and battery indicator when playing a game. A double tap of the Xbox button brings up the menu and allows you to open a new app in snap mode, close the current snapped app, or switch focus between your game and your running snapped app, Microsoft says. In addition, you'll be able to access your friends list and take actions like send message, invite, or join, all without leaving your game. You'll also be able to...
Read more...
A hacker (“Craig”) on a site devoted to embedded device hacking posted a lengthy entry detailing how he, on a whim and armed with boredom and too much Shasta cola, reverse-engineered a firmware update and found a backdoor to certain D-Link routers that allows one to access the devices’ web interface by bypassing authentication. Once you’ve bypassed the authentication process, you can change or access any of the router’s settings. For obvious reasons, this is a serious security problem. This happens if your browser has a certain user agent string. “This is performing a strcmp between the string pointer at offset 0xD0 inside the http_request_t structure and the...
Read more...
Woe is the PlayStation 3 gamer who jumped at the chance to install Sony's newest firmware update, version 4.45. After it was made available, it didn't take long for complaints to surface on Twitter, Reddit, and Sony's own support forum lamenting the fact that the update was bricking consoles, turning their gaming boxes into very expensive paperweights. Sony has since rolled back the firmware to the previous version (4.41) released in April as it looks into what went wrong. "Hi guys, we're aware of reports that the recent PS3 update (4.45) has caused. We have temporarily taken 4.45 offline and are investigating," Sony's PlayStation Europe division said in a statement on Twitter. Sony's made similar...
Read more...
Back in April, we ran a pair of OCZ Vertex 4 SSDs (256GB and 512GB) through the benchmark grinder to see what they could do... Today, we’re testing another brother in the family, the 128GB OCZ Vertex 4. When we first tested the aforementioned drives, we found that the latest generation of the Vertex series delivered somewhat uneven performance. In some workloads, the drives more or less smoked the competition, while they stumbled a bit in others. The bottom line was that the OCZ Vertex 4 SSDs were mostly impressive, but they didn’t demonstrate quite the upgrade from the previous-generation Vertex 3s that we would have liked. Between then and now, however, OCZ has tended...
Read more...
Back in April, we ran a pair of OCZ Vertex 4 SSDs (256GB and 512GB) through the benchmark grinder to see what they could do and also told you everything you ever wanted to know about them in the process. Today, we’re testing another brother in the family, the 128GB OCZ Vertex 4. When we first tested the aforementioned drives, we found that the latest generation of the Vertex series delivered somewhat uneven performance. In some workloads, the drives more or less smoked the competition, while they stumbled a bit in others. The bottom line was that the OCZ Vertex 4 SSDs were mostly impressive, but they didn’t demonstrate quite the upgrade from the previous-generation Vertex...
Read more...
Do you enjoy the sound of your own voice? Don't worry, we're not here to judge, and truth be sold, we sometimes feel the same way. The exception to our vanity is when we're playing a game and yelling at our teammates through a headset. That became a problem when Sony rolled out its v4.10 for the PlayStation 3, which enabled you to hear your own voice through the company's new Wireless Stereo Headset, a feature many users complained about. Sony heard you loud and clear and is getting ready to roll out another firmware update, v4.20, which will give you the option to select one of five levels of microphone audio to tone down the effect, or turn it off altogether so that you're not yelling in your...
Read more...
Don't underestimate the power of finely tuned firmware. Underscoring this point is the release of new enhanced IOPS firmware (v1.13) for OCZ's Octane SATA 3.0 Series solid state drives (SSDs). With the new firmware applied, OCZ promises significant improvements to write performance, over double in some capacities. For all Octane SATA 6Gb/s models, the improved IOPS made possible by this new firmware allow for greater transactional performance, especially during small file and random access speeds in everyday computing applications," OCZ said. "When compared to the previous revision, random write IOPS performance doubles across nearly all capacities when tested in Iometer 2008." OCZ reports random...
Read more...
Crucial, the Micron-owned maker of memory and storage products, made good on its promise to fix a strange issue plaguing some M4 solid state drive owners. Earlier this month, Crucial said it was hard at work on new firmware that would address an issue causing some M4 SSDs to stall out Windows and kick out a Blue Screen of Death (BSoD) with an error code that reads 0x00000f4. What made the bug so strange is that it manifested itself after 5,200 hours of use, and it only seemed to affect 64GB models. Nevertheless, firmware revision 0309 is available for all four M4 SSD capacities (64GB, 128GB, 256GB, and 512GB) and includes the following fixes, according to Crucial's release notes: Changes made...
Read more...
