Remedy for Security Flaws that Enable Hackers to “Hijack the Cloud”

By Fortra's Digital Defense

Organizations are waking up to the reality that a dangerous implementation issue could lead to devastating operational disruption by giving hackers the ability to bypass typical security controls and take over cloud-based systems. The weakness is due to a set of implementation issues in the Intelligent Platform Management Interface (IPMI), which now comes standard on almost all rack-mount hardware. Digital Defense, Inc. (DDI), a leading national information security risk assessment firm, has conducted extensive analysis on these vulnerabilities and is offering solutions to effectively mitigate this threat.

IPMI-based attack vectors can be extremely damaging due to the unique method by which hackers can gain access:

  • IPMI-based security weaknesses exist within network-accessible embedded components of rack-mount hardware. As such, normal operating system-based security controls offer no protection.
  • Attackers can hijack servers that are receiving power, even when they are shut down, and then leverage this access to take over the primary operating system. This is true whether the organization is running Microsoft Windows (32 or 64-bit) or Linux operating systems on the targeted servers.
  • This issue appears to be widespread. Rack-mount servers with these flaws have been in distribution for years, and exist within a variety of models manufactured by numerous vendors.

DDI’s Vulnerability Research Team (VRT) has been performing extensive analysis on the flaws to validate the conditions, and presented its analysis and findings during the BSides Texas – San Antonio conference in May 2013.

Following the company’s responsible disclosure policy, DDI has been warning customers and technology partners of the dangers of this concern for several months, while at the same time conducting responsible due diligence and developing remediation solutions for the issue.

Gordon MacKay, EVP/Chief Technology Officer at DDI states, “When our security research team examined these embedded interfaces, the magnitude of the implementation flaws became clear. We knew we had to act quickly to ensure our clients were not impacted by the threat. We released our findings to the information security community at BSides, while fast-tracking our research to find a remedy. We are pleased that we are able to both raise awareness about this potentially harmful threat, and offer solutions as well.”

More detailed information on the IPMI vulnerabilities and remediation can be accessed on the DDI Labs Blog. In addition, organizations wishing to obtain a rapid scan of their full network to determine if these vulnerabilities are present can contact DDI at 888-273-1412 or [email protected]
