New hardware and software security flaws seem to appear on a daily basis. This time, web application security experts from SafeBreach Labs, a security firm specializing in cyberattack simulation, have reported a critical vulnerability in Open Hardware Monitor, a free open source tool that monitors temperature, fan speed and voltage in computer hardware components.
This is the second critical security flaw found by this firm in just a couple of months. As reported, millions of devices from various manufacturers use this tool as part of their monitoring systems, mainly through HP's Touchpoint Analytics.
According to web application security specialists, if exploited, this vulnerability would allow a threat actor to take control of compromised machines and to access and write to the device's memory, among other malicious activities.
Itzik Kotler, of SafeBreach Labs, mentions in his report: “These kinds of flaws are highly dangerous, as hackers could attack supply chains to compromise highly reliable developments, leaving millions of users exposed.” The expert notes that in addition to releasing patches, this vulnerability should serve as a warning about how easily a vulnerable party can be compromised in an IT system: “We must continue to work so as not to be left behind cybercriminals,” he added.
Regarding the affected tool, HP Touchpoint Analytics is included as the default monitoring component on most of the company's computers (laptops and desktops alike) running the Windows operating system. HP has already released patches to fix this flaw; however, web application security specialists believe that all computers using Open Hardware Library could be exposed.
The main attack scenarios are application blacklist and signature validation bypasses. In these scenarios, attackers load and execute malicious code through a signed service, which prevents detection of the malicious payload and allows it to run, specialists mention. In addition, because the Open Hardware Monitor driver has the highest level of privileges on the operating system, an attacker can exploit this flaw through the driver to access the hardware's memory.
The vulnerability was reported to the company in a timely manner, and a proof of concept for its exploitation was released after development of the necessary patches was completed.
International Institute of Cyber Security (IICS) web application security specialists mention that supply chain attacks are one of the main threats that companies with millions of users, like HP, may face. Hackers abuse reliable, widely used components to gain persistence on the compromised system and avoid detection, even for years, before finally gaining high-privilege access and deploying the final stage of their attacks.