Newly discovered supply chain attack vector on commonly-used open-source hardware diagnostics systems could expose users to a major security risk.
SafeBreach, the leader in Breach and
Attack Simulation (BAS), today announced that its SafeBreach Labs research team
had discovered a critical security vulnerability in Open Hardware Monitor, a
free open source software program that monitors temperature sensors, fan
speeds, voltages, load and clock speeds of a computer. Tens of millions of
computers use Open Hardware Monitor as part of monitoring systems, including HP
Touchpoint Analytics. The critical vulnerability was the second of its type
found by SafeBreach Labs during the past four months. Previously, SafeBreach
Labs discovered a vulnerability in PC-Doctor, a monitoring and diagnostics
package licensed to Dell and other major OEMs, that is run on hundreds of
millions of systems. Both offer attackers the capability to take over machines
and read and write to device memory, among the most serious types of security
types of vulnerabilities are alarming because they indicate the ease with which
malicious hackers could mount supply-chain attacks targeting and breaching
highly trusted elements of our software ecosystem,” says Itzik Kotler, CTO and
Co-Founder at SafeBreach. “And this should be a clear signal to security teams
that they need to increase their frequency of testing and analysis of their
security envelope in order to match the pace of criminals who are constantly
innovating ways to hack into the most vulnerable parts of IT systems.”
TouchPoint Analytics ships as a default monitoring component of most HP Windows
laptops and desktops. HP patched the vulnerability, but SafeBreach researchers
believe that any machine using the Open Hardware Library was at risk.
A number of potential attacks could result from exploiting this vulnerability, which gives attackers the ability to load and execute malicious payloads using a signed service, effectively whitelisting those applications. This capability for “Application Whitelisting Bypass” and “Signature Validation Bypassing” might be abused by an attacker for different purposes such as execution and evasion, to name two. Using Open Hardware Monitor’s driver, which has the highest level of privileges in the operating system, an attacker who exploits this vulnerability will be able to read and write to hardware memory.
This is only the latest instance of supply-chain attack vectors, which are
among the most dangerous because they compromise trusted components and allow
attackers to keep privileged access to devices and systems for months or years
without being discovered. SafeBreach Labs filed a vulnerability report and has added this
instance to its industry-leading Hacker’s Playbook, the largest compendium of
attack types. The Hacker’s Playbook contains over 7,000 breach methods, all
generated in programmatically addressable formats that are accessible via API.
This research is part of SafeBreach’s ongoing efforts to continuously test the
most critical assets in the software supply chain for vulnerabilities and
weaknesses to further the broader goal of enhanced cybersecurity for all.