CISO Platform
Social Network For Security Executives: Help Make Right Cyber Security Decisions
5 Major Types Of Hardware Attacks You Need To Know
From a recent webinar, I gathered the very notably important parts into organized sub-parts. This is the first part wherein the major hardware threats and my insights on them are described. Below is the exact portion of the webinar discussing the hardware threats.
Part 1: Major Hardware Attacks
(Read more: Under the hood of Top 4 BYOD Security Technologies: Pros & Cons)
Major Types of Harware Attacks:
1.VMX - Virtual machine Extensions(Instructions on processors with x86 virtualization)
Virtualizations offer 2 levels-
(a.) higher performance & more cost effective eg.Intel
(b.) greater isolation & higher costs eg.IBM
Most of us will use 'a.' vs 'b.' not knowing the underlying threats for the reduced isolation.
2.Bluepill -
A rootkit designed for x86 virtualization. It creates a thin hypervisor/VMM and running the remaining machine virtually. It's almost undetectable, however there was a controversy on this. Hardware assisted virtualization can help malicious software, thus hardware architecture is prime here.
3.Extreme Privilege Escalation
This was demonstrated with modern windows8. Exploitation of platform firmware UEFI using new API (windows 8). Privilege escalation from ring3 to ring0, most privileged level-almost directly communicates with the hardware resources.
4.Stepping p3wns
This attack used resource(printer here) firmware update, that by passes the anti virus at the computer as it's not windows malicious. However when the task is received at printer side, the firmware gets updated to the malicious one. This exploitation enables infecting IP phones etc. which can be a huge concern in 'BYOD' times.
5.Shadow walker(TLB Splitting)
Misuse x86 hardware to hide malware from OS and anti-virus. Infact, even code modifications could not be detected by anti-virus. The flaw-difference between reading the memory and executing it.
(Read more: Hardware Trojans: Sneak Peek into the Future)
For the full-webinar and presentation slide click here
What do you think are the major hardware threats a CISO has to face in practice? Please share in comments below
Join the Discussion ...
Compare 1000+ Security Products
Popular Comparisons
# Manageengine Adaudit Plus -vs- Netwrix Auditor
# Rapid7 Nexpose -vs- Tenable Network Security Nessus
# Algosec Firewall Analyzer -vs- Tufin Orchestration Suite
# Hp Arcsight Siem Solutionarcsight Express -vs- Splunk Enterprise Splunk Cloud Splunk Light
# Cisco Meraki Mx Appliances -vs- Fortinet Fortigate
Trending Product Categories
# Cloud Access Security Broker
# Distributed Denial of Service
# Network Advanced Threat Protection
Quick Links
Follow us
© 2019 Created by CISO Platform.
Powered by
Badges | Report an Issue | Privacy Policy | Terms of Service
You need to be a member of CISO Platform to join the discussion!
Join CISO Platform