According to a security company investigation Eclypsium, the devices USB that users use can make their computers vulnerable to cyber criminals trying to steal their data. This is due to the fact that many peripheral devices are based on Linux and Windows, there is non-certified firmware, which often paves the way for many types of attacks, including spyware, ransomware etc. A firmware is considered unverified when manufacturers have not entered a validation key into it. This can allow malicious code to be inserted during download and installation drivers or updates from manufacturers.
According to research conducted by the company, many devices trackpads, USB, adapters Wi-Fi and cameras used on computers manufactured by Dell, HP, HP, and Dell Lenovo and other manufacturers, contain such firmware. The company demonstrated its research through demonstrations, using each product from the three large companies, to show an attack that could take place on a server, using network interface cards containing unverified firmware. As it turned out, when the firmware is infected on any device, it becomes impossible for any antivirus to detect malware. Despite this, peripheral manufacturers do not adopt the introduction of certified firmware, leaving millions of Linux and Windows systems exposed.
Devices that contain this firmware are vulnerable to attacks, which can extract data and interrupt the devices that affect them, or even carry out ransomware attacks. Such incidents are detrimental to the proper functioning and security of business devices, including drives, network cards, and other peripheral devices.
Unfortunately, this problem cannot be fixed unless manufacturers remove the non-certified firmware. Many companies update their devices to avoid threats, but there are many who still leave their devices exposed. However, the users should keep in mind that even after updating the devices, they will have to download and install the devices themselves, which is not easy. Users should check Appliances for non-certified firmware and drivers, as there is still no solution to the problem. Here are the steps to check the devices:
- Go to the menu Start Windows.
- Then look for it Device Manager and execute it.
- Then right-click on a device.
- Then press “Properties".
- Now you need to go to the tab "driver”And then you will find a tab labeled“Digital Signer".
- There you will see whether the device is registered as not certified or not.
- Then go to “Driver details”And click on it. A window will appear listing the driver programs installed for that device.
- You'll see certified devices appear with a certification icon.