The vulnerability of Thunderbolt devices’ microcontrollers stems from the use of a weak authentication scheme for the device. This allows attackers to gain direct access to the memory of the computing device, which is connected to Thunderbolt interfaces.

The vulnerability of Thunderbolt device microcontrollers is related to the use of a weak authentication mechanism for devices. Exploiting this vulnerability can allow attackers to gain direct access to the memory of computing devices, to which Thunderbolt devices are connected...

ThunderSpy

A combination of vulnerabilities for the Thunderbolt protocol have been announced that allow a malicious actor to access most machines with a Thunderbolt port and bypass security restrictions on the device. Recent assessments: agalauner-r7 at May 11, 2020 4:37pm UTC reported: The risks of DMA...

STMicroelectronics STM32F1 Information Disclosure Vulnerability

The STMicroelectronics STM32F1 is an ARM Cortex M3-based 32-bit microcontroller from STMicroelectronics, Switzerland. An information disclosure vulnerability exists in the STMicroelectronics STM32F1 that stems from improper access control. An attacker could exploit the vulnerability to gain acces...

The vulnerability of the embedded microcontroller’s consumer driver, Intel Management Engine, and the microprogramming software Intel Trusted Execution Engine (TXE), allows a perpetrator to enhance their privileges.

The vulnerability of the embedded microcontroller’s consumer driver, Intel Management Engine for Windows, and Intel Trusted Execution Engine TXE software, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVE-2018-18056

An issue was discovered in the Texas Instruments TI TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory XOM implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash...

Buffer overflow

An issue was discovered in the Texas Instruments TI TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory XOM implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash...

CVE-2018-18056

The CVE-2018-18056 entry concerns TI TM4C, MSP432E and MSP432P microcontroller series. The issue stems from the eXecute-Only-Memory (XOM) implementation, which prevents code reads on protected memory by using bus faults, yet allows single-step/breakpoint use in XOM-protected flash. This enables a...

CVE-2018-18056

An issue was discovered in the Texas Instruments TI TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory XOM implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash...

The vulnerability of the SCALANCE X switch’s microprogramming software, related to incorrect data storage formatting, allows a intruder to restore passwords.

The vulnerability of the SCALANCE X microcontroller’s software is related to incorrect storage of user credentials. Exploiting this vulnerability could allow an intruder to retrieve passwords from the device access to the device’s configuration files is required...

Walkthrough. Investigating an SSD

I had an interesting job come in. A client wants the data off a dead SSD, and it’s a model that regular data recovery companies won’t deal with, an SK Hynix drive. It’s used extensively on many Dell laptops. The drive is NVMe which means it uses several PCIe lanes for communication. First things...

Cryptocurrency Wallet Hacks Spark Dustup

LEIPZIG, GERMANY – Hardware based cryptocurrency wallets may not be as secure as promised. That’s the judgement of Dmitry Nedospasov, Thomas Roth and Josh Datko who together presented their research at a session here at the 35c3 conference called “wallet.fail.” In the talk the researchers...

CVE-2018-11986

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver...

Buffer overflow

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver...

CVE-2018-11986

CVE-2018-11986 : The vulnerability affects Android releases under CAF using the Linux kernel, specifically in the camera subsystem’s microcontroller FIFO (TX/RX) handling that exchanges commands between Micro FW and the CPP driver. The issue is a possible buffer overflow in these FIFOs. The NVD e...

CVE-2018-11986

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver...

Ghost hardware. Device No.2, the Boo Buddy

The “Boo Buddy” is sold as a “trigger object” with a wide range of internal functionality such as EMF, motion and temperature detection. It’s a “trigger object”, in the sense that it is designed to evoke the spirits of children, who might be drawn in by the presence of a toy. Many people have...

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

A pair of researchers have developed an attack method that can bypass mitigations for cold-boot attacks on laptops. A physical attacker can compromise a laptop that’s in sleep mode, potentially lifting sensitive passwords, encryption keys and other information. The ramifications are, on the...

PT-2018-16228 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1013 Description: An exploitable permanent denial of service issue exists due to the firmware upgrade functionality retrieving signed firmware binaries using plain HTTP requests. The device does not check the type of...

Modern OSs for embedded systems

At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering for embedded systems or, in other words, the internet of things. Our primary interest is how and to what degree these OSs can solve...

BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4)Vulnerability

Description of FUZE Card FUZE is an IoT device the size, shape, and thickness of a normal credit card. You program credit cards into it via Bluetooth BLE using a smart phone app. When you go to pay, you use the buttons and e-Paper display to select which card to emulate. The magnetic stripe...