. home.aspx



New research from Eclypsium discloses a vulnerability in Bare Metal Cloud Servers that allows attackers to steal data

February 27, 2019 / Natasha Mathur

Security researchers at Eclypsium, a hardware security startup, published a paper yesterday, examining the vulnerabilities in Bare Metal Cloud Servers (BMCs) that allow attackers to exploit and steal data.“We found weaknesses in methods for updating server BMC firmware that would allow an attacker to install malicious BMC firmware..these vulnerabilities can allow an attacker to not only do damage but also add other malicious implants that can persist and steal data”, states the researchers.BMC is a highly privileged component and part of the Intelligent Platform Management Interface (IPMI). It can monitor the state of a computer and allow an operating system reinstall from a remote management console through an independent connection. This means that there’s no need to physically attach a monitor, keyboard, and installation media to the server in BMCs. Now, although Bare-metal cloud offerings come with considerable benefits, they also pose new risks and challenges to ...