{"id":11187,"date":"2016-12-08T09:03:56","date_gmt":"2016-12-08T09:03:56","guid":{"rendered":"https:\/\/evosec.eu\/?p=11187"},"modified":"2016-12-08T09:04:34","modified_gmt":"2016-12-08T09:04:34","slug":"next-level-updating-devices-malware-infected-firmware","status":"publish","type":"post","link":"https:\/\/evosec.eu\/fr\/next-level-updating-devices-malware-infected-firmware\/","title":{"rendered":"Next level: updating devices with malware-infected firmware?"},"content":{"rendered":"<p>A new article that appeared on motherboard.vice.com (<a href=\"http:\/\/motherboard.vice.com\/read\/hacker-claims-to-push-malicious-firmware-update-to-32-million-home-routers\">Hacker Claims To Push Malicious Firmware Update to 3.2 Million Home Routers <i class=\"fa fa-external-link fa-fw\" aria-hidden=\"true\"><\/i><\/a>) talks about a new type of attack: devices that are being abused via their update mechanism to host a malware-infected (let&rsquo;s call it malware for now) firmware.<\/p>\n<p>Impossible? Not really. Of course, some of the problems that might appear are: How do you pair the device with the \u00ab\u00a0right\u00a0\u00bb firmware? How do you rebuild the malware-infected firmware? <\/p>\n<p>But the most important question: doesn&rsquo;t the device (or the manufacturer) use a rather strong security mechanism to certify that the firmware is indeed legit? If it does, maybe it&rsquo;s time to update it. If not&#8230; well, trouble ahead!<\/p>\n<p>Anyway, it&rsquo;s not really a case of \u00ab\u00a0trash the device\u00a0\u00bb, rather a case of painfully (and costly) ways to identify and disinfect it. <\/p>\n<p>But&#8230; does this look like the dawn of ransomware-vulnerable-devices? Yes, sure it does. Just wait for it&#8230; or better not, and be prepared.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Impossible? Not really. Of course, there are some small problems that might appear. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"link","meta":{"footnotes":""},"categories":[98,932,947,99],"tags":[984,223],"class_list":["post-11187","post","type-post","status-publish","format-link","hentry","category-iot-newsupdates","category-iot-security","category-it-security","category-it-security-newsupdates","tag-firmware","tag-ransomware","post_format-post-format-link"],"translation":{"provider":"WPGlobus","version":"3.0.2","language":"fr","enabled_languages":["en","da","de","es","fi","fr","it","hu","nl","no","pl","pt","ru","sv"],"languages":{"en":{"title":true,"content":true,"excerpt":true},"da":{"title":false,"content":false,"excerpt":false},"de":{"title":false,"content":false,"excerpt":false},"es":{"title":false,"content":false,"excerpt":false},"fi":{"title":false,"content":false,"excerpt":false},"fr":{"title":false,"content":false,"excerpt":false},"it":{"title":false,"content":false,"excerpt":false},"hu":{"title":false,"content":false,"excerpt":false},"nl":{"title":false,"content":false,"excerpt":false},"no":{"title":false,"content":false,"excerpt":false},"pl":{"title":false,"content":false,"excerpt":false},"pt":{"title":false,"content":false,"excerpt":false},"ru":{"title":false,"content":false,"excerpt":false},"sv":{"title":false,"content":false,"excerpt":false}}},"_links":{"self":[{"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/posts\/11187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/comments?post=11187"}],"version-history":[{"count":3,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/posts\/11187\/revisions"}],"predecessor-version":[{"id":11190,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/posts\/11187\/revisions\/11190"}],"wp:attachment":[{"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/media?parent=11187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/categories?post=11187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/tags?post=11187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}