Be careful what you do with your BRIX as two rather unpleasant vulnerabilities were disclosed at a recent BlackHat event. Gigabyte did not implement two security features which these exploits take advantage of, there is no write protection on the UEFI firmware nor a system of cryptographic signatures on UEFI firmware files which can let any file update the UEFI. While the proof of concept demonstration only prevented the infected BRIX from booting again, this could also be used to infect your machines UEFI quietly and in a way extremely difficult to repair, you would need a UEFI update that wrote over every sector of the firmware to ensure you removed the bugs. Pop by Slashdot for more on this depressing topic.
"Last week, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware."
Here is some more Tech News from around the web:
- A moment of Zen with David Kanter: The TR Podcast 190
- Microsoft Finally Reveals What Data Windows 10 Really Collects @ Slashdot
- How to Trick Your Electrical Meter By Saving Power @ Hack a Day
- Scientists develop self-healing material for smartphone displays and lithium-ion batteries @ The Inquirer
- Google's video recognition AI is trivially trollable @ The Register
- It's 30 years ago: IBM's final battle with reality @ The Register
The Android Phone Broadcom
The Android Phone Broadcom wifi chip(1) story is more of worry because I have a Samsung phone but it’s not a flagship phone. And the FTC and the FCC need to require that all smart-phone makers list every chip on the phone and that chip’s ODM/Maker. And The Android OS needs to have a top level button to really disable all the Wifi options in all the Apps at once because just disabling the Wifi does not stop the Wifi from passing MAC frames to any wifi in the area even with the wifi “Software disabled”. I’d pay extra for a smart phone with a hardware switch that disables the wifi antenna.
And all phones should be able to push updates to even phones without data plans. My old feature flip-phone’s GSM(Only) stopped working reliably on T-Mobile’s GSM network so I had to purchase a smart phone to get a device that even offered G3 connectivity(My Samsung smart phone offers G4 also). Because I have a legacy prepaid plan from when I purchased the feature flip-phone so that service and the phone number was transfered over to the smart phone without any data plan.
Does anyone know if the Samsung On5 uses the Broadcom wifi chip?
I just want a phone to make phone calls and I wish that T-Mobile will start selling Flip-Phones with that new chip from Qualcomm. Qualcomm is launching a new feature phone chip(2) the Snapdragon 205 and I’ll galdly pay $150.00 for a new Flip phone with a dumb phone OS that does not need to be updated like Android(all the time with security problems) smart phones do becaue of security issues. Dumb OS runnning feature flip phone’s with G3 and above cell radios are as rare as hen’s teeth.
(1)
“Android devices can be fatally hacked by malicious Wi-Fi networks
Broadcom chips allow rogue Wi-Fi signals to execute code of attacker’s choosing.”
https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/
(2)
“Qualcomm launches the Snapdragon 205, a high-end low-end SoC
Feature phones just got a huge helping of new features”
http://semiaccurate.com/2017/03/20/qualcomm-launches-snapdragon-205-high-end-low-end-soc/