Reference Number ACG-CSB 021725381

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

Firmware vulnerabilities are weaknesses or flaws in the low-level software, known as firmware, that controls hardware devices. To understand firmware vulnerabilities, it helps to first look at an example of firmware. On a router, the firmware is stored on an internal flash memory chip, which is similar to non-volatile storage or permanent memory in other devices. This chip holds the router’s firmware permanently, even when the router is powered off. The firmware on a router controls essential networking functions, including managing data traffic, handling wireless connections, and configuring security settings such as firewall rules. When a user accesses a router’s settings through an IP address, they are interacting with the firmware interface.

Firmware operates below the main operating system, managing essential functions. When a vulnerability exists in firmware, it provides a pathway for attackers to bypass regular security measures, gain deep access to the hardware, and potentially install malware that is very difficult to detect and remove. For example, an attacker identifies a router with outdated firmware and exploits a known vulnerability to gain administrative access. Once in control, they intercept network traffic to capture sensitive data and install a backdoor for ongoing access. They may also disable logging to avoid detection and use the compromised router as a launchpad for further attacks on connected devices. This highlights the serious risks of unpatched firmware vulnerabilities.

For small businesses, firmware vulnerabilities pose serious risks that can disrupt operations and compromise sensitive data. Many small businesses rely on routers, printers, and other networked devices that run on firmware, often without realizing the potential security risks they pose. For example, an attacker locates a networked printer running outdated firmware with a known vulnerability and leverages it to gain unauthorized control over the device. This access enables them to intercept and capture sensitive documents, install persistent malware, or establish a backdoor for continued network access. With the compromised printer as an initial access point into the target network, the attacker can expand their intrusion to other critical systems within the network. Additionally, they could disable printing functions or deploy ransomware tactics, underscoring how unpatched firmware in networked devices can lead to serious data breaches and operational disruptions in professional environments.

Firmware vulnerabilities also affect ordinary individuals, especially as smart home devices like smart cameras, smart refrigerators and smart speakers become more common. Cybercriminals can exploit vulnerabilities in these devices to invade personal privacy, eavesdrop on conversations, or gain access to home networks. For example, if a smart camera’s firmware is compromised, an attacker could spy on a home remotely without the user knowing. Additionally, attackers can use vulnerable home routers to gain access to all connected devices, leading to identity theft or unauthorized purchases. Since many home users are unaware of the need to update firmware, they become easy targets for cybercriminals looking for vulnerable entry points. This scenario demonstrates how unpatched firmware vulnerabilities in IoT devices can lead to privacy invasion and wider network risks.

To protect against these risks, individuals and small business owners should take precautions with all connected devices. Regularly checking for and applying firmware updates is crucial, as these updates often include patches for known vulnerabilities. Understanding firmware vulnerabilities and other emerging cyber threats is essential for anyone looking to protect their digital assets and privacy. As technology evolves, so do the methods used by cybercriminals to exploit it. Staying informed about the latest cybersecurity risks, like firmware vulnerabilities, empowers small business owners and individuals to take proactive steps in safeguarding their devices and data.

RECOMMENDATION

Here are cybersecurity tips to help individuals and small business owners protect against firmware vulnerabilities:

  • Regularly update the firmware on all devices, including routers, smart home gadgets, and printers, to ensure security patches are applied promptly.
  • Change the default passwords on devices to strong, unique passwords to prevent unauthorized access.
  • Disable any unused features, especially remote access, to minimize entry points for attackers.
  • Restrict physical access to essential hardware like routers, as physical access can allow attackers to manipulate firmware.
  • Choose devices from reputable brands known for security and regular firmware updates, and check for security certifications and reviews.
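
The first three tips can be checked routinely against a simple device list. The following Python script is an added example and not part of the original bulletin; the inventory, its field names and the version numbers are constructed for illustration and would be maintained by whoever looks after the devices.

```python
import re

# Constructed sample inventory (illustrative only). "latest" is the firmware
# version the vendor currently publishes, looked up and entered by hand.
INVENTORY = [
    {"name": "office-router", "installed": "1.0.9", "latest": "1.0.10",
     "default_password": False, "remote_access": True},
    {"name": "front-printer", "installed": "V2.4.1", "latest": "2.4.1",
     "default_password": True, "remote_access": False},
    {"name": "lobby-camera", "installed": "3.2", "latest": "3.2.0",
     "default_password": False, "remote_access": False},
]


def version_key(version):
    """Convert a dotted version such as '1.0.10' or 'V2.4.1' to a tuple of ints.

    Comparing the raw strings is wrong ('1.0.10' sorts before '1.0.9'), so the
    numeric fields are compared instead. Trailing zeros are dropped so that
    '3.2' and '3.2.0' count as the same release. Assumes plain numeric fields.
    """
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def audit_device(device):
    """Return the list of findings for one device (empty list means clean)."""
    findings = []
    if version_key(device["installed"]) < version_key(device["latest"]):
        findings.append("firmware outdated: %s installed, %s available"
                        % (device["installed"], device["latest"]))
    if device["default_password"]:
        findings.append("default password still set")
    if device["remote_access"]:
        findings.append("remote access enabled; disable if unused")
    return findings


def audit(inventory):
    """Map device name -> findings, listing only devices that need action."""
    results = {d["name"]: audit_device(d) for d in inventory}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit(INVENTORY).items():
        print(name + ": " + "; ".join(found))
```
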

For additional information, please refer to the following websites:

  • https://www.fortinet.com/resources/cyberglossary/what-is-firmware
  • https://sternumiot.com/iot-blog/firmware-security-key-challenges-and-11-critical-best-practices/
  • https://www.eccouncil.org/cybersecurity-exchange/penetration-testing/firmware-security-risks-best-practices/

POINT OF CONTACT

Please contact PLTCOL JERRY V EMPIZO, Officer-In-Charge, Cyber Security Unit, through e-mail address csradacgroup@gmail.com or contact us by telephone number (632) 723-0401 local 7488 for any inquiries related to this CYBER SECURITY BULLETIN.
