Hackers have made the most of a loophole in the rules governing steel targets to target steel.
In order to do this, they need to modify the firmware of a target they are attempting to hack, which could involve hacking the target itself.
The rules for hacking steel targets were first proposed in 2011 by the US government, which has since expanded them to cover other types of target components.
The rules state that a hackable target has to be “non-functioning and physically accessible”.
To be non-functional and physically available, the target must be connected to the internet, and it must be physically connected to a power source such as a wall socket or a power supply.
But hackers can also use this loophole to target the firmware, and they do so by modifying the firmware itself.
According to the rules, a firmware modification is “an attempt to alter the firmware”.
“The target firmware is modified to include malicious code or instructions that can be executed by a user, regardless of whether the target is physically connected or not,” the rules say.
In a blog post published on Wednesday, a team of researchers from the University of Illinois-Urbana-Champaign found a way to modify a target’s firmware that was able to cause a range of problems for the hackers, including causing a target to reboot or lock itself in place, causing the target to lose control over its target, and causing the attacker to be able to hack into other devices.
“If you are in a room full of people and a target has a built-in reset button, then you can set it to a key that can’t be hit or reset,” University of Michigan security researcher John Wiegert said in a blogpost.
“So, if you’re hacking into a target, you can still hack a target by hacking the firmware and then changing the firmware to make it work with the new firmware.”
The hack was discovered by researchers from University of Minnesota and Carnegie Mellon University, who reported their findings on Wednesday.
The researchers used a firmware patch for Steel Target firmware.
“We created a firmware-patching tool that we patched to patch Steel Target,” University Professor Jonathan Mott said in the blogpost, “and then we also modified the firmware so that we could get the same effect as if we had changed the firmware ourselves.”
This means that the hackers have not just been able to bypass Steel Target’s firmware security requirements, they have also been able, using the tools they modified, to bypass the company’s own security standards.
“This firmware-patched Steel Target device is a good example of how hackers can bypass security measures by exploiting vulnerabilities in existing firmware,” the blog post from the researchers reads.
“By modifying firmware, they can cause Steel Target to reboot itself, allowing the attacker’s code to execute.”
“We hope that this work will help secure the next generation of firmware vulnerabilities that are already out there and will help manufacturers, software vendors, and security researchers understand the vulnerabilities that hackers will eventually exploit,” the researchers write.
Hackers have already made attempts to modify firmware in the past.
Last year, an attack called WannaCry forced the UK government to introduce a patch for vulnerabilities in some of the country’s rail network systems, including a flaw in the railway system’s train control systems.