What is Firmware Security
Did you know that by inserting malware into your machine”s firmware, criminals can bypass your antivirus scans?
Firmware is software that”s built into every piece of your machine”s hardware, and its primary purpose is to communicate with the software you install on your computer to ensure that the hardware appropriately performs the software”s commands.
The following reasons are why firmware has become a popular target for both hackers and researchers:
firmware is not designed with security in mind, it poses a significant risk.
firmware lives at the architectural layers of the device that are not normally accessible to current tools, firmware attacks are difficult to detect by current antivirus and other security applications.
If malware is able to control system firmware, it has complete control over the machine.
Malware buried in firmware is difficult to remove and can withstand operating system reboots and fresh installs.
Firmware Security Threats
Infected firmware may result in:
Spying on your activity
Buffer overflows to inject malware
Exfiltrating your data and remote control of your computer
Elevation of privilege System Management Mode (SMM) code injection
Data tampering Modifying UEFI variables (SecureBoot, Configuration, etc.)
Unauthorized access to sensitive data Disclosure of System Management Random Access Memory (SMRAM) contents
Information disclosure SMM rooted malware; secrets left in memory
Denial of Service serial peripheral interface (SPI) flash corruption to brick the system
Key Management Private Key Management for signed capsule updates
Firmware Security Recommendations:
Take a proactive approach to firmware security to reduce risks.
Update Firmware Constantly
You should adopt a policy of looking for updates and updating your firmware to the latest version as quickly as possible to close security holes and ensure proper functioning of your hardware.
Use only trusted USBs.
USBs are insecure and potentially harmful. A skilled hacker can install malware directly into the device”s firmware. BadUSB is a security vulnerability that allows an attacker to reprogramme a USB device and use it to manipulate the victim”s computer. BadUSB worms its way into the firmware of most USB drives and then copied to your computer the moment you plug it in. This attack is risky since most antivirus and malware scanners are unable to access the firmware on USB devices and hence cannot protect the PC.
Invest in hardware that has anti-malware protection.
In light of previous firmware vulnerabilities, BIOS makers, like other hardware businesses, are constantly improving their security. Talk to your manufacturers about the security mechanisms they”ve included in their firmware, and only use the most secure hardware.
The Guyana National CIRT recommends that users and administrators review these recommendations and implement them where necessary.