Chapter 33 Β· Flashcards

Hardware Vulnerabilities Flashcards

Click any card to reveal its definition.

0 / 10 flipped
Firmware
Tap to reveal
The software embedded inside a hardware device β€” its internal operating system. Firmware controls the device's core functionality and cannot be updated by end users. Only the manufacturer can release firmware patches. If the vendor doesn't release a fix, the vulnerability remains regardless of any other action the owner takes.
Why can't owners patch firmware themselves?
Tap to reveal
Firmware is tightly coupled to the hardware and inaccessible to end users. Unlike a Windows or Linux OS where admins have full shell access and can apply patches independently, hardware firmware has no user-accessible shell or standard update mechanism. The owner depends entirely on the manufacturer writing, testing, and releasing a firmware update β€” a process that can take months to years.
End of Life (EOL)
Tap to reveal
The stage at which a manufacturer stops selling a product. Security patches and support MAY still be available. EOL is a planning signal β€” begin replacement planning now, before support actually ends. Do NOT confuse with EOSL. At EOL: no longer sold, but may still be patched.
End of Service Life (EOSL)
Tap to reveal
The stage at which a manufacturer stops ALL support β€” no more security patches, bug fixes, or technical assistance. Any vulnerability discovered after EOSL will never be patched. The firmware is permanently frozen. This is the critical security threshold: the device accumulates unpatched CVEs indefinitely. Replace urgently; apply compensating controls in the interim.
EOL vs. EOSL β€” The Key Distinction
Tap to reveal
EOL = no longer sold, but PATCHES MAY STILL BE AVAILABLE. EOSL = no longer sold AND NO MORE PATCHES EVER. At EOL, plan replacement. At EOSL, apply compensating controls immediately and replace as soon as possible. The exam tests this distinction directly β€” many candidates confuse the two.
Legacy Platform
Tap to reveal
A device or system still in use beyond its intended lifecycle β€” often running an older OS, outdated firmware, or end-of-life software. Legacy platforms remain deployed because replacement is expensive or operationally disruptive. Security posture deteriorates over time as unpatched vulnerabilities accumulate. Compensating controls (firewall, IPS, segmentation) manage risk while replacement is planned.
Trane ComfortLink II (2014–2016)
Tap to reveal
A smart thermostat case study in firmware patch delays. Three vulnerabilities discovered April 2014. First two patches: April 2015 (12 months later). Third patch: January 2016 (22 months later). All unpatched thermostats were exposed throughout this period. Device owners could do nothing β€” only Trane could release a fix. Illustrates the firmware patching gap vs. traditional OS (days-to-weeks).
Three Compensating Controls for EOSL Devices
Tap to reveal
(1) Firewall rules β€” restrict access to only necessary systems; block all other traffic to/from the device. (2) IPS signatures β€” deploy network-layer detection for known exploits targeting the specific firmware version. (3) Network segmentation β€” isolate the device in a VLAN with no direct path to other network segments. These controls reduce attack surface but do not fix the underlying vulnerability. Replacement is the only permanent solution.
Why is IoT a security concern?
Tap to reveal
IoT devices (thermostats, cameras, door locks, industrial sensors) are network-connected, run firmware only the manufacturer can update, receive infrequent patches, and have long service lives. Each IoT device expands the attack surface β€” a compromised device can be used as a network pivot point, for data exfiltration, or as part of a botnet. The more IoT devices on the network, the more potential entry points.
Why can't you just keep using an EOSL device forever?
Tap to reveal
Because vulnerabilities continue to be discovered after EOSL, and none of them will ever be patched. Every new CVE published for the firmware version is a permanent, unresolvable vulnerability. The device's risk exposure grows over time β€” it's not static. Compensating controls slow the rate of exploitation but cannot prevent all attacks indefinitely. At some point, the unpatched attack surface outgrows the ability of compensating controls to manage it.