<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>firmware &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/firmware/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Thu, 19 Dec 2024 14:57:58 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Hacking Digital License Plates</title>
		<link>https://noise.getoto.net/2024/12/17/hacking-digital-license-plates/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 17 Dec 2024 17:04:26 +0000</pubDate>
				<category><![CDATA[cars]]></category>
		<category><![CDATA[firmware]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69699</guid>

					<description><![CDATA[<p>Not everything needs to be digital and “smart.” License plates, <a href="https://www.wired.com/story/digital-license-plate-jailbreak-hack/">for example</a>:</p>
<blockquote><p>Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Is this thing on? Using OpenBMC and ACPI power states for reliable server boot</title>
		<link>https://noise.getoto.net/2024/10/22/is-this-thing-on-using-openbmc-and-acpi-power-states-for-reliable-server-boot/</link>
		
		<dc:creator><![CDATA[Nnamdi Ajah]]></dc:creator>
		<pubDate>Tue, 22 Oct 2024 13:00:00 +0000</pubDate>
				<category><![CDATA[firmware]]></category>
		<category><![CDATA[infrastructure]]></category>
		<category><![CDATA[open source]]></category>
		<category><![CDATA[OpenBMC]]></category>
		<category><![CDATA[Servers]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=d8d83c25fc56f57514678ed655487324</guid>

					<description><![CDATA[Cloudflare’s global fleet benefits from being managed by open source firmware for the Baseboard Management Controller (BMC), OpenBMC. This has come with various challenges, some of which we discuss here with an explanation of how the open source nature of the firmware for the BMC enabled us to fix the issues and maintain a more stable fleet.]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Hacking Wireless Bicycle Shifters</title>
		<link>https://noise.getoto.net/2024/08/20/hacking-wireless-bicycle-shifters/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 20 Aug 2024 11:08:19 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[firmware]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Internet of Things]]></category>
		<category><![CDATA[patching]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69278</guid>

					<description><![CDATA[This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement t...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New Windows/Linux Firmware Attack</title>
		<link>https://noise.getoto.net/2023/12/12/new-windows-linux-firmware-attack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 12 Dec 2023 12:01:18 +0000</pubDate>
				<category><![CDATA[BIOS]]></category>
		<category><![CDATA[exploits]]></category>
		<category><![CDATA[firmware]]></category>
		<category><![CDATA[linux]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[windows]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68191</guid>

					<description><![CDATA[<p>Interesting attack based on malicious pre-OS <a href="https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/">logo images</a>:</p>
<blockquote><p>LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux….</p>
<p>The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs…...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Deploying firmware at Cloudflare-scale: updating thousands of servers in more than 285 cities</title>
		<link>https://noise.getoto.net/2023/03/10/deploying-firmware-at-cloudflare-scale-updating-thousands-of-servers-in-more-than-285-cities/</link>
		
		<dc:creator><![CDATA[Chris Howells]]></dc:creator>
		<pubDate>Fri, 10 Mar 2023 14:00:00 +0000</pubDate>
				<category><![CDATA[firmware]]></category>
		<category><![CDATA[hardware]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=5e230bc245b61e8ed714f55bbcddbcdc</guid>

					<description><![CDATA[We have a huge number of servers of varying kinds, from varying vendors, spread over 285 cities worldwide. We need to be able to rapidly deploy various types of firmware updates to all of them, reliably, and automatically, without any kind of manual intervention.]]></description>
		
		
		<enclosure url="http://blog.cloudflare.com/content/images/2023/03/image2-3.png" length="0" type="" />

			</item>
		<item>
		<title>Another Malware with Persistence</title>
		<link>https://noise.getoto.net/2023/03/10/another-malware-with-persistence/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 10 Mar 2023 01:33:57 +0000</pubDate>
				<category><![CDATA[advanced persistent threats]]></category>
		<category><![CDATA[backdoors]]></category>
		<category><![CDATA[china]]></category>
		<category><![CDATA[firmware]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67035</guid>

					<description><![CDATA[<p><a href="https://arstechnica.com/information-technology/2023/03/malware-infecting-widely-used-security-appliance-survives-firmware-updates/">Here’s</a> a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates.</p>
<blockquote><p>On Thursday, security firm Mandiant published a <a href="https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall">report</a> that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware.</p>
<p>“The attackers put significant effort into the stability and persistence of their tooling,” Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote. “This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>BlackLotus Malware Hijacks Windows Secure Boot Process</title>
		<link>https://noise.getoto.net/2023/03/08/blacklotus-malware-hijacks-windows-secure-boot-process/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 08 Mar 2023 11:11:14 +0000</pubDate>
				<category><![CDATA[firmware]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Operating Systems]]></category>
		<category><![CDATA[patching]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67031</guid>

					<description><![CDATA[<p>Researchers have <a href="https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/">discovered</a> malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.”</p>
<blockquote><p>Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI—short for <a href="https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface">Unified Extensible Firmware Interface</a>—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 36/154 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-10 11:44:15 by W3 Total Cache
-->