Reports of newly detected vulnerabilities appear constantly, affecting many widely used and specialized technology products. One of the most recent vulnerability testing reports concerns the way some laptops use memory, a feature that could be abused by hackers to execute malicious code on the target system.
These flaws are based on Direct Memory Access (DMA), a processing efficiency approach found in most modern laptops. This feature allows users to read and write directly to the device’s memory, optimizing the function of hardware components and the use of peripheral devices, although it exposes memory to a large number of attacks.
Although the industry has established the manufacture of trusted hardware as standard practice, these measures have not yet become widespread in the laptop market, which poses a serious security threat to users. Recently, a vulnerability testing team from the firm Eclypsium released a report detailing a method to abuse this feature on two different laptops, manufactured by HP and Dell.
One of the most serious aspects of this report is the ability to trigger these attacks by simply connecting a peripheral device to the potentially vulnerable computer.
For example, on the Dell laptop (model XPS 13), the researchers managed to abuse a default BIOS configuration that enabled some modules for the use of the Thunderbolt interface, connected via USB to the target device, to inject malicious code into the boot process. The vulnerability was tracked as CVE-2019-18579; Dell released a BIOS update for
On the other hand, on the analyzed HP laptop (model ProBook 640 G4), vulnerability testing experts had to open the machine, since this model has a feature that prevents unauthorized code injection at startup. The complexity of this attack is greatly increased by the need for physical access and knowledge of the physical structure of the device.
After opening the laptop, the experts replaced the M.2 wireless card with a Xilinx SP605 FPGA development platform, which was later connected to an attacking machine. This attack depends on modifying the system memory during the boot process, bypassing the pre-installed security features on the device. HP also fixed this flaw through a BIOS update.
It is highly likely that other laptop models on the market will also be vulnerable to these attacks, so manufacturers are advised to monitor potential attack campaigns and prepare security updates as soon as possible.