HP's Malware-Laden Switches Illustrate Supply Chain Risks

Date: Tuesday April 17, 2012 07:52:46 am
  • Anonymous

    HP’s Malware-Laden Switches Illustrate Supply Chain Risks

    Hewlett-Packard is trying to figure out what happened as the technology giant warned customers that some of the HP ProCurve switches shipped last year contained malware-laden flash cards.

    While the malware couldn’t do anything to the 10 Gbps-capable line of LAN switches, if the customer ever decided to re-use the card and insert it into a computer, that computer would likely be compromised.

    It’s not that unlikely a scenario. The switches ship with 1GB cards, and someone frantically looking for a flash card could conceivably borrow the card to perform a quick task.

    Business owners don’t always think about the integrity of the supply chain when buying hardware and software components. Even the biggest brands can ship infected components if a computer in the factory is compromised.

    Supply Chain Risks
    Software and hardware embedded with malware are often shipped because of a malicious actor or a compromised computer somewhere in the supply chain, Greg Schaffer, acting deputy undersecretary of the DHS National Protection and Programs Directorate, told a House committee last July. When pressed for details, Schaffer just said he was "aware of instances where that has happened."

    Considering the number of electronics we buy, and how reliant businesses are on their switches, computers, and other equipment, the thought that something could be infected because someone in the manufacturing and shipping process had malicious intentions is unnerving.

    In fact, this isn’t HP’s first malware snafu. HP Australia accidentally shipped optional USB drives infected by Fakerecy and SillyFDC malware with its ProLiant servers back in 2008. And in 2001, some printer drivers available on HP’s Website were infected with FunLove after some of the company’s computers had been compromised.

    Best Practices are Key
    Security experts regularly remind administrators to install updated drivers and firmware. But even the vendors can get infected and pass that infection on to their customers.

    This is why it’s important to have your own security measures in place. Some best practices include having a strong security suite to scan the files being downloaded to make sure the files aren’t infected (regardless of the source), never re-using components across platforms, and using the administrator account only when actually performing administrative tasks.

    Fixing the ProCurve Problem
    At this time, it is unclear what type of malware may be on the infected flash cards, where it came from, or the kind of damage it could cause on the infected computer. Customers who purchased HP ProCurve 5400 ZL series after Apr. 30, 2011 are at risk, according to a security advisory issued by HP’s Software Security Response Team on Apr. 11. The bulletin listed affected serial numbers and instructions on how to find that information on the switch.

    The issue can be resolved by either replacing the hardware or via "Software Purge." The software option involves running a script provided by HP to delete the malicious files and directory. The script would be able to clean up the infection without taking the switch offline. For customers who prefer to replace the hardware, either because they are not comfortable running the script or the switch was deployed on some other network, HP will ship a replacement Management Module. The switch must be powered down to replace the hardware, HP said. The HP 5400 zl series is part of HP’s modular chassis line of switches.
