
The Raritan Blog

University of Michigan Team Publishes Paper on BMC/IPMI Security Issues

Posted on September 6, 2013 by Richard Dominach

A University of Michigan team has published their research on IPMI and BMC security issues. Entitled “Illuminating the Security Issues Surrounding Lights-Out Server Management,” this article follows up on the IPMI/BMC security issues highlighted by Dan Farmer and HD Moore as summarized in my previous blog on this subject. The Department of Homeland Security’s US-CERT team has posted an alert on the IPMI security risks.

The researchers provide an introduction to the issues, note the previous research, define IPMI/BMC security risks, analyze a particular implementation, and describe their successful attack on it. They found “blatant textbook vulnerabilities” and concluded that the implementations “suggest either incompetence or indifference towards customer security.” They then determine the number of publicly (Internet) accessible IPMI devices to be more than 105,000. They provide some defenses and lessons and indicate areas for future work. The Washington Post has published an article on the paper and interviewed one of the authors, who criticizes the embedded device community for its security practices.

Customers who use BMC- and IPMI-based remote management cards and systems need to be aware of these issues and take the proper steps to safeguard their implementations. Given the severity of these issues, they should consider alternative remote management solutions such as KVM-over-IP switches, which can avoid most of these risks.

