Dozens, perhaps hundreds of other devices use at least one of those components. Of course, those are only the specific models that Eclypsium happened to look at. "In many cases, the underlying problem in a device or product line can't be fixed at all, meaning that all of the devices in that product line will continue to be vulnerable throughout their lifetime." Just the tip of the iceberg "If the component wasn't designed to check for signed firmware, it often can't be fixed with a firmware update. "Unfortunately, the problems posed by unsigned firmware are not easy to fix," Eclypsium said. HP has created a patch for its webcam vulnerability (opens in new tab), which you can download from HP's support website.Īs for the Dell Wi-Fi chipset, Eclypsium notified both Microsoft and Qualcomm, who promptly tried to pass the buck to each other.Įclypsium dryly noted that "the responsibility remains unclear and as we have seen often goes unaddressed altogether." You'll just have to live with vulnerable trackpads. Lenovo told Eclypsium that it had no way to fix the trackpad issue in its current laptops. and the Dell laptop, whose Wi-Fi card, made by Rivet Networks and provisioned by Qualcomm, accepts unverified firmware updates even though Windows 10 goes through the trouble of verifying the updates before they're loaded.the HP Spectre x360 Convertible 13-ap0xxx laptop line, whose webcam is made by SunplusIT, also doesn't verify its firmware updates and can be hacked by malicious USB drives.the Lenovo ThinkPad X1 Carbon (6th Gen) laptop which uses a vulnerable trackpad made by Synaptics that doesn't verify its own firmware updates.Models proven to be vulnerable to these peripheral firmware flaws include:
0 kommentar(er)
