11.10.19

ESET specialists develop a machine learning method to discover new threats in the UEFI environment


UEFI (Unified Extensible Firmware Interface) security has been a hot topic for several years now. But because of various limitations, very little malware has been discovered in the UEFI environment so far. After discovering the first in-the-wild UEFI rootkit, known as LoJax, ESET specialists set out to build a system that would let them explore the vast UEFI landscape efficiently while reliably spotting unknown and emerging UEFI threats.

Finding malware like LoJax is rare: there are millions of UEFI executables in the wild, and only a tiny fraction of them are malicious. “In the last two years alone, we have seen more than 2.5 million unique UEFI executables out of a total of 6 billion,” explains Filip Mazán, software engineer at ESET, who worked on developing the machine learning system.

Using the telemetry data collected by ESET’s UEFI scanner, the company’s machine learning specialists and malware researchers designed a pipeline that processes UEFI executables and uses machine learning to detect anomalies in incoming samples. “To reduce the number of samples requiring human attention, we designed a custom system that highlights outlier samples by finding unusual characteristics in UEFI executables,” adds Mazán.

As a proof, the researchers tested the system on suspicious and malicious UEFI executables that had not yet been included in the dataset, in particular the LoJax UEFI driver. The system successfully concluded that the LoJax driver is very different from anything seen before. “This successful test gave us the confidence that, should another similar threat emerge, we would be able to identify it as an oddity, analyze it quickly and, if necessary, create a detection,” comments Mazán.

Besides demonstrating strong capabilities for identifying suspicious UEFI executables, the machine learning approach proved to reduce the workload of ESET’s analysts by around 90% (compared to analyzing every incoming sample). Since each new incoming UEFI executable is added to the dataset, processed, indexed and taken into account for subsequent incoming samples, the solution enables real-time monitoring of the UEFI landscape.
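As an added illustration (not ESET’s code), here is the outlier-scoring idea the two paragraphs above describe, with an incrementally updated index: each feature value of an incoming executable is scored by how rare it is in the samples seen so far, rare combinations are flagged for an analyst, and every processed sample is then added to the index so later samples are scored against it. The feature names and the sample vectors are constructed assumptions standing in for attributes parsed out of UEFI executables.

```python
import math
import statistics
from collections import Counter, defaultdict
# Constructed feature vectors standing in for attributes parsed out of UEFI
# executables; feature names and values are illustrative assumptions, not
# ESET's feature set. Columns: subsystem, sections, entropy bucket, writes NVRAM.
KEYS = ("subsystem", "sections", "entropy", "writes_nvram", "hooks_os_loader")
BASELINE = [dict(zip(KEYS, row + (False,))) for row in [
    ("boot_service_driver", ".text|.data|.reloc", "6", False),
    ("boot_service_driver", ".text|.data|.reloc", "6", False),
    ("boot_service_driver", ".text|.data|.reloc", "5", False),
    ("boot_service_driver", ".text|.data|.reloc", "6", False),
    ("runtime_driver", ".text|.data|.reloc", "5", True),
    ("boot_service_driver", ".text|.data", "5", False),
    ("runtime_driver", ".text|.data|.reloc", "6", False),
    ("boot_service_driver", ".text|.data|.reloc", "6", False),
]]
# Constructed incoming sample carrying traits the baseline never shows.
SUSPECT = dict(zip(KEYS, ("runtime_driver", ".text|.data|.reloc|.rsrc|.custom", "7", True, True)))

class RarityIndex:
    # Per-feature value counts; a sample's anomaly score is its summed surprisal.
    def __init__(self, samples=()):
        self.counts, self.n = defaultdict(Counter), 0
        for s in samples:
            self.add(s)
    def add(self, sample):
        # Index every processed sample so later samples are scored against it.
        for k, v in sample.items():
            self.counts[k][v] += 1
        self.n += 1
    def surprisal(self, feature, value):
        # Laplace smoothing keeps never-seen values finite but expensive (in bits).
        seen = self.counts[feature]
        return -math.log2((seen[value] + 1) / (self.n + len(seen) + 1))
    def score(self, sample):
        return sum(self.surprisal(k, v) for k, v in sample.items())
    def rare_features(self, sample, min_bits=3.0):
        return [k for k, v in sample.items() if self.surprisal(k, v) >= min_bits]

def baseline_threshold(index, samples, k=3.0):
    # Flag anything more than k standard deviations above the known population.
    scores = [index.score(s) for s in samples]
    return statistics.mean(scores) + k * statistics.pstdev(scores)

def triage(index, sample, threshold):
    # Score the incoming sample, record why it is odd, then add it to the index.
    score = index.score(sample)
    rare = index.rare_features(sample) if score > threshold else []
    index.add(sample)
    return score, score > threshold, rare
```

Because the flagged sample is indexed after scoring, a second copy of it scores lower, which is the “taken into account for subsequent samples” behaviour the text describes.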

Using this system to hunt for UEFI threats, ESET researchers discovered many interesting UEFI components that fall into two categories: UEFI backdoors and OS-level persistence modules. “While our UEFI executable processing pipeline has not yet managed to find new UEFI malware, the results obtained so far are promising,” says Jean-Ian Boutin, senior malware researcher at ESET. The most notable finding is the ASUS backdoor: a UEFI firmware backdoor found on several ASUS laptop models. It was fixed by ASUS as soon as ESET notified them.

To learn more about this ESET research, read the blog post “Needles in a haystack: Picking unwanted UEFI components out of millions of samples”.

For more information on ESET’s security offering and the free e-book, visit https://www.eset.com/be-fr/professionnels/data-protection-ebook/


9.10.19


Inside consumer perceptions of security and privacy in the connected home

The ESET Survey polled 4,000 people to get a sense of their attitudes towards the privacy and security implications of smart home technology

When most people think of home security, locks, alarms and big dogs come to mind. Substitute security with privacy, and images of curtains and blinds, or unlisted phone numbers spring to mind. While those are all (still) valid, over the last decade of digitalization, we have seen “the home” – long regarded as a refuge for privacy and safety – transformed into a battleground over what is private and secure. To recognize these shifts, ESET decided to focus on the “Protect IT” component during the 16th annual National Cybersecurity Awareness Month and, together with the National Cyber Security Alliance (NCSA), carried out a survey to uncover where people in the United States and Canada stand with the main themes connected to protection.

In the time it took for modems to give way to routers, and routers to then broadcast Wi-Fi, our identities as residents and as digital citizens have moved considerably closer together. And now, as IoT and the wider explosion in numbers of smart devices and attached services that have followed enter homes en masse, another reimagining of home, privacy and security unfolds.
So, how do North Americans see their “homes” and what makes them safe and secure? If that answer doesn’t involve digital, then trouble could be ahead. Take a quick look at our recent poll results to get a picture of the digital home in the popular imagination.

Home entertainment

Ditching VHS and DVDs for streaming has enabled us to binge-watch more effectively than ever before. In our poll of 4,000 respondents (2,000 Americans and 4,000 Canadians), 25% streamed via Apple TV or Roku, 17.9% on a connected (smart) TV, and 23% via their mobile device, with PC users adding in another 16.7%. But amidst all the juicy content, is there space for viewers to think about security?

We asked whether respondents were concerned that connected TVs could be targeted by cybercriminals, allowing them to remotely access or control the TV from the internet. The results were stark. Roughly 21% had concerns, while 41.6% didn’t worry about it, despite the fact that there are valid concerns about connected TVs being targeted by cybercriminals. For example, TVs can fall prey to ransomware and coinminers like ADB.Miner, which hijacked the computing power of thousands of Android devices.

Devices don’t judge

While some of us successfully segregate our business and personal devices, ultimately it is their polyfunctionality that makes all of them useful for so many tasks. In either case, when using either business or personal devices at home, most of us leverage our home network, which traces back to the router. But have you ever wondered if it is safe and private?

Only 40% in the survey changed their default router credentials during the initial setup at home. When default usernames and passwords for routers are one click away from discovery with a Google search, these are open networks ripe for easy plunder. Guarding the heart of your home network, your router, is an indispensable step before even thinking about the security settings of each connected IoT device.

Many may not even realize that their home router may be providing a separate public Wi-Fi network for their ISP’s travelling customers. Around 37% of respondents in the survey certainly didn’t know. So, it’s like we said: devices don’t judge. It’s up to you, the home user, to list all your connected devices at home and think about what you can do to keep safe, starting from the router up.

With your router central to the connected home you are building, whether accidentally or not, you are also likely adding new technologies and risks to the sanctuary of your home. Along with your very powerful mobile computer, aka smartphone, you may have wanted to try out a few more recently introduced devices.

Enter smart thermostats, smart speakers and… home assistants. While these items began marching into homes as early as 2007, with the Ecobee smart thermostat, concerns and competitors were not far behind. However, until the introduction of home assistants like Alexa, which can communicate with multiple smart home devices, impacts were mostly theoretical. The conversation has now become much more realistic, as many cases of devices giving away location data, listening and recording, or taking actions without consent have been documented.

Among users of these devices, concern seemed muted, as only around 30% of both our U.S. and Canadian respondents felt affected by these issues, almost equal to the 26% of U.S. respondents who claimed they were unconcerned. Canadians unconcerned with these issues amounted to approximately 21%, with 43% reporting that they do not own these device types.

While device makers still have their work cut out for them to get assistants into homes and “speaking with” other smart home devices, the main issue for people holding out doesn’t seem to be insecurity.

Returning to the router as ground zero, the adventurous among you who have been considering smartening up your home might want to revisit those passwords. A great second step is auditing the number and type of connected devices you have in your home. Polled respondents in Canada who reported having “no connected devices” numbered 18.5%, with their neighbors in the US posting 20.3%. A big jump among those with 1-5 devices occurs among both Canadians and Americans, with 44 to 45% falling in this range. The numbers of power users are also similar, with Canadians holding 15-plus devices coming in at 8.5% and those in the US at 7.8%.

While the similarities in tech deployment may surprise some, what stood out is the shared number on both sides of the northern border who claimed that they “could name all the devices” in their caddies: 42.4%!

Well, it’s a brave new world, people. And for a last peek at our survey: Have you ever purchased a device with connected features that you did not connect to the internet? If so, why? Well, 5.1% of Americans and 7.5% of Canadians just didn’t have time to set up connectivity; that’s my case too, and I tell myself I am safer that way. Some 17% on average in both groups “didn’t care about the features”… probably a better answer than telling yourself you’re safer.