New hardware and software security flaws seem to appear on a daily basis. This time, web application security experts from security firm SafeBreach Labs, specializing in cyberattack simulation, report the finding of a critical vulnerability in Open Hardware Monitor, a free open source tool to monitor temperature, fans speed and voltage in computer hardware components.
This is the second critical security flaw found
by this firm in just a couple of months. As reported, millions of devices from
various manufacturers use this tool as part of their monitoring systems, mainly
Touchpoint Analytics, from the company HP.
According to web application security
specialists, if exploited, this vulnerability would allow a threat actor to
take control of the compromised machines to access and write in the device’s
memory, among other malicious activities.
Itzik Kotler, of SafeBreach Labs, mentions in
his report: “These kinds of flaws are highly dangerous, as hackers could
attack supply chains to compromise highly reliable developments, leaving
millions of users exposed.” The expert notes that in addition to releasing
patches, this vulnerability should serve as a warning about how easily a
vulnerable party can be compromised in an IT system: “We must continue to
work so as not to be left behind cybercriminals,” he added.
Regarding the compromised tool, HP Touchpoint
Analytics is included as the default monitoring component on most computer equipments
(whether laptops or desktops) of the company running Windows operating system.
HP has already released patches to fix this flaw; however, web application
security specialists believe that all computer equipments using Open Hardware
Library could be exposed.
The main attack scenarios are application
blacklist and signature validation bypasses. Attackers must load and execute
malicious code using a signed service, which would prevent detection of the
malicious payload and allow its execution, specialists mention. In addition,
using the Open Hardware Monitor driver, which has the highest level of privileges
on the operating system, an attacker can exploit this failure to access the
hardware’s memory.
The vulnerability was reported in a timely
manner to the company, and a proof of concept was revealed for its exploitation
after the development of the necessary update patches was completed.
International Institute of Cyber Security
(IICS) web application security specialists mention that supply chain attacks
are one of the main threats that companies with millions of users like HP, may
face as Hackers abuse reliable, standardized-use components to gain persistence
on the compromised system and avoid detection, even for years, to finally
access with high privileges and deploy the final stage of their attacks.
