Vulnerabilities expose Supermicro servers to virtual USB attacks

A report by network security experts states that threat actors are able to exploit some recently found vulnerabilities in remote management devices to insert a virtual storage drive into a target system. In other words, using this method of attack, the hackers can turn any USB device into a virtual Trojan.

The experts, members of security firm Eclypsium, have reported vulnerabilities in some Supermicro baseboard management controllers (BMCs), which are special processors installed on some motherboards to ensure that users are protected at the hardware level remotely.

This kind of protection is required when system administrators need to carry out tasks such as loading old software onto a server from a CD, or upgrading an operating system from an image on an external hard drive. These controls facilitate such tasks without requiring anything to be physically connected to the server, network security specialists mention.

When administrators want to virtually connect a USB device to the server, they typically use virtual media web applications from any location, taking advantage of hardware access controls. However, experts found that the protections enabled in this process are vulnerable to multiple types of cyberattacks. “A system can incorrectly store legitimate administrator logins, allowing the next user to enter any credential and gain access,” the experts mentioned. In addition, the researchers mentioned that the error persists even if the login page unexpectedly closes. In this case, attackers can attempt to gain access with Supermicro default login credentials, as administrators often skip changing them.

The company was notified of these vulnerabilities last June. In response, Supermicro released firmware updates for all affected baseboard management controllers. “We want to thank the researchers for reporting these vulnerabilities; new versions of the BMC software will address the reported flaws,” a company spokesman said. However, experts note that these updates can take time to reach all users, so many are likely to still be exposed to these flaws.

According to network security experts, the complex part of this attack for hackers is gaining access to an internal network; if they accomplish that, hacking a BMC is a much easier step. In addition, the cybersecurity community had not considered hacking a BMC a real risk to a company’s operations until now.

However, this is not the first research of its kind. About a year ago, network security experts from the International Institute of Cyber Security (IICS) reported that multiple Supermicro baseboards around the world were exposed to the installation of a physical backdoor supposedly designed and installed by the Chinese government for espionage purposes against some American tech companies and government institutions, such as intelligence agencies. The company, like some of its competitors, denied the accusations, but the report has not ceased to worry thousands of experts around the world.