

HP servers provide a management module called iLO (a.k.a. Integrated Lights-Out), which turns on as soon as the power cable is connected, loading a full-blown proprietary operating system. This module has full access to all the firmware, hardware, software, and operating system installed on the server. In addition to managing the server hardware, it allows the admin to remotely turn the server on and off, gain access to the server's console, and even install an operating system on it.

There are numerous aspects of iLO that make it an ideal utopia for malware and APT groups: extremely high privileges (above any level of access in the operating system), very low-level access to the hardware, being totally out of sight of the admins and security tools, the general lack of knowledge and tools for inspecting iLO and/or protecting it, the persistence it provides for the malware to remain even after changing the operating system, and in particular being always running and never shutting down…

In this report, we analyze a rootkit discovered in the wild that hides inside iLO, cannot be removed by firmware upgrades, and can remain hidden from sight for a long time. This malware has been used by hackers for some time and we have been monitoring its performance. As far as we know, this is the first report of the discovery of real-world malware in iLO firmware in the world.

Since analyzing this malware requires some knowledge of the HP iLO firmware architecture, we'll first give a general overview of the HP iLO architecture. Then, in the next section, we will analyze the discovered malware and its various modules. Finally, in the last section, we will discuss strategies and solutions for protecting iLO.

In addition to this report, we've developed some tools to dump iLO firmware and check for infections. We intend to make these available to the general public in the near future. We hope this report will serve as a turning point for attracting more public attention to the security of firmware and creating solutions to protect them.

The iLO admin panel of HP servers is a safe haven for malware which, after infection, cannot be detected or cleaned up by conventional methods. Accessing and infecting iLO is not only possible through the iLO network port, but also through system administrator or root access to the main operating system.
