{"id":2515,"date":"2010-04-03T11:25:16","date_gmt":"2010-04-03T15:25:16","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/?p=2515"},"modified":"2022-12-30T12:47:25","modified_gmt":"2022-12-30T17:47:25","slug":"nics-latest-threat-to-pcs","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/nics-latest-threat-to-pcs\/","title":{"rendered":"NICs Latest Threat to PCs"},"content":{"rendered":"

\"NICsThe latest malware attack vector is the network interface card (NICs). According to a post<\/a> at Gizmo\u2019s Freeware<\/a>, two separate presentations at the CanSecWest international security conference<\/a>\u00a0demonstrated exploits utilizing network cards. The article reports that both exploits focused on Broadcom<\/a>\u00a0(AVGO<\/a>) NIC’s.<\/p>\n

\"\"<\/a>The post reports that in at least one of the demo\u2019s the researcher used the Broadcom remote factory diagnostic mechanism to install custom firmware on the network card. The researcher used the compromised firmware to create a tunnel into the PC in such a way that packets sent via the tunnel were not visible to the system firewall. Using the network card\u2019s access to memory,\u00a0 the attacker could then run whatever code he wanted.<\/p>\n

HP uses the vulnerable NICs in PCs<\/h3>\n

HP<\/a>\u00a0(<\/a>HPQ<\/a>)<\/a> uses the vulnerable Broadcom NICs in many PCs. In response, the HP Software Security Response Team has released a Security Bulletin (Document ID: c02048471<\/a>) \u201cHP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code.\u201d In the bulletin, HP says this information should be acted upon as soon as possible.<\/p>\n

H\"\"<\/a>P has made softpaq SP47557<\/a> available to resolve the vulnerability. In the bulletin, HP says the following models contain the Broadcom Integrated NIC firmware<\/p>\n