Hardware & Virtualization Vulnerabilities

Hardware Vulnerabilities

Firmware Attacks

Firmware is low-level software embedded in hardware (BIOS/UEFI, router firmware, IoT devices).

Risks:
- Persistent malware survives OS reinstalls
- Runs before OS security controls load
- Hard to detect without specialized tools

Examples:
- Compromised UEFI rootkits (LoJax, MosaicRegressor)
- Malicious router firmware (VPNFilter)
- IoT devices with default/no firmware signing

Defenses:
- Secure Boot (verifies firmware signatures)
- UEFI firmware updates from vendor only
- TPM (Trusted Platform Module) for integrity measurement

JTAG / Debug Interface Attacks

JTAG (Joint Test Action Group) — hardware debugging interface used to read/write chip memory.

Risks:
- Physical access → dump firmware, bypass authentication
- Extract encryption keys or credentials from device memory
- Inject malicious code directly into hardware

Targets: routers, IoT devices, embedded systems
Mitigation: Disable JTAG in production, physical security controls

Side-Channel Attacks

Extracting secrets by observing physical characteristics of a system rather than breaking the algorithm.

Common types:
- Timing attack: measure how long operations take → infer key bits
- Power analysis: monitor power consumption during crypto operations
- Electromagnetic (EM): capture EM emissions that leak data
- Acoustic: sound from components reveals computations
- Cache-timing: infer data via CPU cache state (Meltdown / Spectre)

Examples:
- Meltdown (CVE-2017-5754): Read kernel memory from user space via CPU speculation
- Spectre (CVE-2017-5753): Exploit branch prediction to leak data across process boundaries
- FLUSH+RELOAD: Spy on AES key schedule via shared cache lines

Evil Maid Attack

Physical access to an unattended device — attacker modifies hardware or software (bootloader, firmware) to extract data later.

Scenario: Hotel room, border crossing, device left unattended

Mitigations:
- Full disk encryption (FDE)
- Trusted Platform Module (TPM) + PIN
- Tamper-evident seals
- BIOS password to prevent boot device changes

Hardware Implants / Supply Chain Tampering

Examples:
- Malicious chips added during manufacturing (Bloomberg "The Big Hack" allegation)
- Interception of hardware in transit — implants added before delivery (TAO catalog)

Mitigations:
- Purchase from authorized/verified suppliers
- Hardware validation on receipt
- X-ray inspection for high-security environments

Virtualization Vulnerabilities

VM Escape

Breaking out of a virtual machine to access the hypervisor or other VMs on the same host.

How it works:
- Exploits a vulnerability in hypervisor code (VMware, VirtualBox, Hyper-V)
- Attacker in guest VM → gains host-level access or pivots to neighboring VMs

Notable CVEs:
- CVE-2019-5544 (VMware ESXi/Workstation heap overflow)
- VENOM (CVE-2015-3456): Floppy disk controller bug in QEMU

Mitigations:
- Keep hypervisor patched
- Disable unused virtual hardware (floppy, serial ports)
- Separate VMs for sensitive workloads

Hypervisor Vulnerabilities

Risks:
- Hyperjacking: attacker installs a rogue hypervisor below the OS and controls everything above it
- VM sprawl: unmanaged VMs accumulate; old/unpatched ones are easy targets
- Resource starvation: one VM consuming all resources → DoS for others
- Snapshot exposure: VM snapshots contain sensitive data; insecure storage exposes it

Container Vulnerabilities (Docker/K8s)

Risks:
- Container escape → access to host OS (kernel shared between containers)
- Privileged containers → full host access
- Exposed Docker socket (/var/run/docker.sock) → root on host
- Image from untrusted registry → malicious code

Mitigations:
- Use rootless containers
- Apply seccomp and AppArmor profiles
- Never mount Docker socket into containers
- Scan images with Trivy / Clair before deployment
- Use namespaces and cgroups properly
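
As an added example (not part of the original notes), a small audit script that flags the risky container settings listed above in `docker inspect` output. The sample JSON is constructed and trimmed to the fields the checks use; in a real environment feed it the output of `docker inspect $(docker ps -q)`.

```python
"""Audit Docker container configurations for the risky settings listed above.

Reads the JSON that `docker inspect <container>` produces (here a constructed,
trimmed sample embedded inline so the script runs offline) and reports:
  - privileged containers
  - the Docker socket mounted into the container
  - seccomp or AppArmor explicitly disabled
  - processes running as root inside the container
"""
import json

DOCKER_SOCKET = "/var/run/docker.sock"


def audit_container(info: dict) -> list[str]:
    """Return a list of findings for one `docker inspect` entry."""
    name = info.get("Name", "?").lstrip("/")
    host = info.get("HostConfig", {})
    findings = []
    if host.get("Privileged"):
        findings.append(f"{name}: privileged container (full host device access)")
    for mount in info.get("Mounts", []):
        if mount.get("Source") == DOCKER_SOCKET:
            findings.append(f"{name}: Docker socket mounted at {mount.get('Destination')}")
    # docker inspect emits null (None) when no SecurityOpt is set
    for opt in host.get("SecurityOpt") or []:
        if opt in ("seccomp=unconfined", "apparmor=unconfined"):
            findings.append(f"{name}: {opt} disables a kernel hardening profile")
    user = info.get("Config", {}).get("User", "")
    if user in ("", "0", "root", "0:0"):
        findings.append(f"{name}: runs as root inside the container")
    return findings


# Constructed sample output, trimmed to the fields the audit uses.
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/ci-runner",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "SecurityOpt": ["seccomp=unconfined"]},
   "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}]},
  {"Name": "/web",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "SecurityOpt": null},
   "Mounts": [{"Source": "/srv/web", "Destination": "/usr/share/nginx/html"}]}
]""")


def audit_all(containers: list[dict]) -> list[str]:
    return [f for c in containers for f in audit_container(c)]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_INSPECT):
        print("WARN", finding)
```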

Resource Reuse / Data Remnants

When a VM or container is destroyed, its memory and storage may not be fully zeroed.

Risk: A new tenant allocated the same memory/disk → reads the previous tenant's data

Mitigations:
- Secure memory zeroing before reallocation (hypervisor-level)
- Encrypted storage volumes
- Apply cloud provider's data deletion verification