Firmware Attacks: What They Are & How I Can Protect Myself
Gartner reports that 70% of organizations lacking a firmware upgrade plan will be breached by 2022 due to firmware vulnerabilities
Firmware hacks don’t generally share top billing with the likes of ransomware, worms and trojans, but they are particularly dangerous: by infecting the lower stack of your device, they are capable of bypassing standard antivirus software.
Firmware security is certainly not as tight as it should be, particularly in the basic input/output systems (BIOSes) of most devices.
A report from Wired shows that many BIOSes share portions of the same code. Researchers were able to detect incursion vulnerabilities in up to 80% of the PCs they examined, including those from big brands like Dell and HP.
In a separate study, 73% of participants who didn’t prioritize firmware security reported experiencing a high rate of unknown malware breaches, which made them almost impossible to track and neutralize.
So, what are the biggest risks associated with firmware-related threats? And what can you do to protect yourself and your organization?
Let’s hash it out.
What is Firmware?
Firmware is the very core of your hardware. It’s simple software embedded in every piece of hardware on your machine. Its primary function is to communicate with the software installed on your computer to ensure that the hardware is able to execute commands correctly.
Certain kinds of firmware are usually only compatible with the make and model of the computer they’re installed on. This means it can usually be rewritten or uninstalled altogether.
Firmware updates will usually be rolled out by hardware companies to fix problems, deliver security patches and add new features to the device.
Understanding the Threat
Firmware vulnerabilities give malicious actors access to your systems — often without you knowing it.
That’s because firmware hacking compromises a device before it has even booted up. It does this by pushing malicious software into the code on the lower levels, which regulates the hardware prior to and after system initialization.
Once the rogue code has found its way into the system, it has the ability to:
modify and sabotage the firmware,
target sections of the OS,
infiltrate software, and
a lot more.
Simple BIOS and newer UEFI systems are frequent points of attack.
Hacks to the firmware can come in multiple forms: malware, bootkits and rootkits are all popular delivery vectors. Infected USBs, corrupted drives and bad firmware products are also something to be aware of.
A hacker does not need to come into physical contact with a device to deliver the code — this can be done remotely through Wi-Fi, Bluetooth and any other kind of network connectivity. And now that we can connect our phones, televisions, game consoles and the like to the internet, there’s an increasing possibility of an attack.
Firmware Vulnerabilities Affect Everything, Including the Automotive Industry
The auto industry is also an area of interest for hackers, with the rise of autonomous vehicles.
These days, virtually all modern vehicles include Wi-Fi and Bluetooth. And as vehicles become more technologically advanced, they’ll become almost IoT devices in their own right. This means that both security and operational updates will be delivered over the air (OTA), which makes perfect sense for both the manufacturer and the owner.
However, this technology has attracted the interest of hackers. We can expect to see them piggyback on the OTA software to install malicious code that can control some aspect of the vehicle’s operation.
In 2018, a similar incident occurred when it was discovered that a Russian cyberespionage group had compromised the LoJack vehicle anti-theft system. The altered software was able to inject a trojan into the startup routine of the vehicle.
Once in place, the module was able to mirror legitimate firmware, which allowed it to mine data, “brick” around the system and provide unauthorized access. It was also able to stay put even after hard drive replacements and OS reinstallations.
Firmware Security: Why It’s Important
A firmware hack becomes exponentially worse when you consider that electronics are packed full of firmware — from webcams and sound cards to even the batteries.
Firmware malware exploits this widespread usage. Since firmware isn’t secured by cryptographic signature, it can’t detect an infiltration, which means that it can take many months for your IT security team to figure out that anything is amiss.
These attacks can be treacherous because they can be so hard to detect. Once they’re embedded within the code, they can cause ongoing harm, infect legitimate firmware updates and can even stick around after OS reinstallation or even complete hard drive wipes!
What Are the Biggest Firmware Threats Facing Your Organization?
Lapses in firmware security open you up to the same risks you’re exposed to if you aren’t protecting your devices from phishing, or email hacks, such as:
Spying on your activity
Mining your data
Remotely controlling your device
Stealing your identity
What makes firmware such an easy target is the fact that it’s easy to corrupt, which presents low-hanging fruit for hackers of all skill levels.
Regardless of what a hacker may do once they penetrate your device, you need to be aware of how to stop the attack from occurring in the first place.
How to Implement Firmware Security
Before we offer up any tips about firmware security, it’s pretty crucial to bear in mind that securing firmware is primarily in the hands of those who design the hardware. The outlook at this point indicates there is still much work to be done, given that the cost of data breaches is expected to reach $6 trillion in 2021.
Many new firmware susceptibilities are continually being found on every electronic device from PCs to printers.
Of course, the flip side of this is that these discoveries are forcing the hand of the hardware manufacturers to develop stronger firmware security measures. Some manufacturers are releasing updates, patches and stronger security measures to try to combat firmware security breaches. These solutions include Intel’s Hardware Shield, Microsoft’s OS protection and Dell’s Enhanced BIOS Verification, all of which are designed to combat long-overlooked vulnerabilities in this area.
Update Your Firmware
As we’ve already explored, many manufacturers are releasing updates based on newly discovered vulnerabilities. This helps to ensure that firmware is working as it should while also allowing manufacturers to add new features to the device.
You need to make a habit of looking for updates and updating your firmware to the latest versions as quickly and as often as you can to close off lax security avenues and keep your hardware running smoothly.
Don’t Use Untrustworthy USBs
USB safety is a topic I’ve covered extensively. While they’re very convenient devices, in the wrong hands, they can be ticking time-bombs.
A hacker can store malware on the firmware of the device — take the example of BadUSB, the name given to malware which can worm into the firmware of almost any USB device. As soon as the USB is plugged in, the malware works its way into your computer.
BadUSB is hard to detect and even harder to remove, and there is no available quick fix to protect against it.
The only real protection is to use a USB that belongs to you and is used exclusively by you.
Purchase Built-in Firmware Protected Hardware
The best thing you can do, as a consumer, is purchase hardware that includes advanced firmware security.
BIOS vendors, along with other hardware companies, are catching up with their security protocols in light of increasing firmware vulnerabilities.
Take the Dell Enhanced BIOS Verification that we mentioned earlier as an example. It works by assessing the BIOS image against the official “hash” on the Dell server. If something is amiss, it will immediately alert the user.
What Does the Future Hold for Firmware Security?
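The same idea, comparing an image against a reference hash, can be applied by hand to a downloaded firmware update before flashing it. The following is an added example, not Dell's implementation or code from the original article; the sha256sum-style manifest format and the file names are assumptions, and the sample image is constructed.

```python
import hashlib
import hmac
import os
import tempfile

def parse_manifest(text):
    """Parse sha256sum-style lines ('<64 hex digits>  <file name>') into {name: digest}."""
    digests = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        name = name.strip().lstrip("*")          # '*' marks binary mode in sha256sum output
        if not digest or digest.startswith("#"):
            continue                             # blank line or comment
        if len(digest) != 64 or not name or set(digest) - set("0123456789abcdefABCDEF"):
            raise ValueError(f"malformed manifest line: {line!r}")
        digests[name] = digest.lower()
    return digests

def sha256_file(path, chunk_size=1 << 20):
    """Hash the image in chunks so large firmware files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            h.update(chunk)
    return h.hexdigest()

def verify_image(path, manifest):
    """Return 'ok', 'mismatch' or 'unlisted' for the firmware image at path."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"                        # no reference value: do not flash
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo():
    """Constructed sample: a 4 KiB stand-in image, then the same file with one byte changed."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "bios_1.2.3.bin")    # hypothetical file name
        with open(image, "wb") as f:
            f.write(b"\xAA" * 4096)
        manifest = parse_manifest(f"# constructed manifest\n{sha256_file(image)}  bios_1.2.3.bin\n")
        results = [verify_image(image, manifest)]
        with open(image, "wb") as f:                 # simulate tampering: last byte differs
            f.write(b"\xAA" * 4095 + b"\xAB")
        results.append(verify_image(image, manifest))
        results.append(verify_image(os.path.join(d, "unknown.bin"), manifest))
        return results

if __name__ == "__main__":
    print(demo())
```

The reference digest is only as trustworthy as the channel it arrived through, so take it from the vendor's site over HTTPS rather than from wherever the image itself was downloaded.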
The next step for firmware security falls to the firmware researchers, developers and hardware companies.
As new weaknesses are exposed, new patches and updates will need to be produced. For your part you should ensure that you’re:
purchasing electronics with added layers of firmware security;
updating current machines as much as possible; and, as always,
not plugging in USB devices that you can’t identify.
As with most things in life, it’s important to keep ahead of the curve — and cybersecurity is certainly worth the time and effort to stay on top of.
Firmware attacks receive much less attention than other large-scale cyber threats. But make no mistake — they’re just as capable of causing huge upheaval for those who are impacted.