
Firmware Attacks: What They Are & How I Can Protect Myself

Gartner reports that 70% of organizations lacking a firmware upgrade plan will be breached by 2022 due to firmware vulnerabilities

Firmware hacks, although they don’t generally tend to share top billing with the likes of ransomware, worms and trojans, are particularly dangerous and capable of bypassing standard antivirus software by infecting the lower stack of your device.

Firmware security is certainly not as tight as it should be,
particularly in the basic input/output systems (BIOSes) of most devices.

A report from Wired shows that many BIOSes share portions of the same code. Researchers were able to detect incursion vulnerabilities in up to 80% of the PCs they examined, including those from big brands like Dell and HP.

In a separate study, 73% of participants who didn’t prioritize firmware security reported experiencing a high rate of unknown malware breaches, which made them almost impossible to track and neutralize.

So, what are the biggest risks associated with firmware-related threats? And what can you do to protect yourself and your organization?

Let’s hash it out.

What is Firmware?

Firmware is the very core of your hardware. It’s simple software that is embedded in every piece of hardware on your machine. Its primary function is to communicate with the software installed on your computer to ensure that the hardware is able to execute commands correctly.

Certain kinds of firmware are usually only compatible with the make and model of the computer they’re installed on. This means it can usually be rewritten or uninstalled altogether.

Firmware updates will usually be rolled
out by hardware companies to fix problems, deliver security patches and add new
features to the device.

Understanding the Threat

Firmware vulnerabilities give malicious
actors access to your systems — often without you knowing it.

That’s because firmware hacking compromises
a device before it has even booted up. It does this by pushing malicious
software into the code on the lower levels, which regulates the hardware prior to
and after system initialization.

Once the rogue code has found its way
into the system, it has the ability to:

  • modify and sabotage the firmware,
  • target sections of the OS,
  • infiltrate software, and
  • a lot more.

Simple BIOS and newer UEFI systems are
frequent points of attack.

Hacks to the firmware can come in multiple forms: malware, bootkits and rootkits are all popular delivery vectors. Infected USBs, corrupted drives and bad firmware products are also something to be aware of.

A hacker does not need to come into physical contact with a device to deliver the code — this can be done remotely through Wi-Fi, Bluetooth and any other kind of network connectivity. And now that we can connect our phones, televisions, game consoles and the like to the internet, there’s an increasing possibility of an attack.

Firmware Vulnerabilities Affect Everything, Including the Automotive Industry

The auto industry is also an area of interest for hackers, with
the rise of autonomous vehicles.

These days, virtually all modern vehicles include Wi-Fi and Bluetooth. And as vehicles become more technologically advanced, they’ll become almost IoT devices in their own right. This means that both security and operational updates will be delivered over the air (OTA), which makes perfect sense for both the manufacturer and the owner.

However, this technology has attracted the interest of hackers. We can expect to see them piggyback on the OTA software to install malicious code that can control some aspect of the vehicle’s operation.

In 2018, a similar incident occurred when it was discovered that a Russian cyberespionage group had compromised the LoJack anti-vehicle theft system. The altered software was able to inject a trojan into the startup routine of the vehicle.

Once in place, the module was able to mirror legitimate firmware, which allowed it to mine data, “brick” around the system and provide unauthorized access. It was also able to stay put even after hard drive replacements and OS reinstallations.

Firmware Security: Why It’s Important

A firmware hack becomes exponentially worse when you consider that electronics are packed full of firmware — from webcams and sound cards to even the batteries.

Firmware malware exploits this widespread usage. Since firmware isn’t secured by cryptographic signature, it can’t detect an infiltration, which means that it can take many months for your IT security team to figure out that anything is amiss.

These attacks can be treacherous because they can be so hard to detect. Once they’re embedded within the code, they can cause ongoing harm, infect legitimate firmware updates and can even stick around after OS reinstallation or even complete hard drive wipes!  

What Are the Biggest Firmware Threats Facing Your Organization?

Lapses in firmware security open you up to the same risks you’re exposed to if you aren’t protecting your devices from phishing or email hacks, such as:

  • Spying on your activity
  • Mining your data
  • Remotely controlling your device
  • Stealing your identity

What makes firmware such an easy target
is the fact that it’s easy to corrupt, which presents low-hanging fruit for
hackers of all skill levels.

Regardless of what a hacker may do once they penetrate your device, you need to be aware of how to stop the attack from occurring in the first place.

How to Implement Firmware Security

Before we offer up any tips about firmware security, it’s pretty crucial to bear in mind that securing firmware is primarily in the hands of those who design the hardware. The outlook at this point indicates there is still much work to be done, given that the cost of data breaches is expected to reach $6 trillion in 2021.

Many new firmware susceptibilities are continually
being found on every electronic device from PCs to printers.

Of course, the flip side of this is that these discoveries are forcing the hand of the hardware manufacturers to develop stronger firmware security measures. Some manufacturers are releasing updates, patches and stronger security measures to try to combat firmware security breaches. These solutions include Intel’s Hardware Shield, Microsoft’s OS protection and Dell’s Enhanced BIOS Verification, all of which are designed to combat long-overlooked vulnerabilities in this area.

Update Your Firmware

As we’ve already explored, many
manufacturers are releasing updates based on newly discovered vulnerabilities.
This helps to ensure that firmware is working as it should while also allowing
manufacturers to add new features to the device.

You need to make a habit of looking for updates and updating your firmware to the latest versions as quickly and as often as you can to close off lax security avenues and keep your hardware running smoothly.

Don’t Use Untrustworthy USBs

USB safety is a topic I’ve covered extensively.
While they’re very convenient devices, in the wrong hands, they can be ticking
time-bombs.

A hacker can store malware on the firmware of the device — take the example of BadUSB, the name given to malware which can worm into the firmware of almost any USB device. As soon as the USB is plugged in, the malware works its way into your computer.

BadUSB is hard to detect and even harder
to remove, and there is no available quick fix to protect against it.

The only real protection is to use a USB
that belongs to you and is used exclusively by you.

Purchase Built-in Firmware Protected Hardware

The best thing you can do, as a
consumer, is purchase hardware that includes advanced firmware security.

BIOS vendors, along with other hardware
companies, are catching up with their security protocols in light of increasing
firmware vulnerabilities.

Take the Dell Enhanced BIOS Verification that we mentioned earlier as an example. It works by assessing the BIOS image against the official “hash” on the Dell server. If something is amiss, it will immediately alert the user.
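
The same hash comparison can be applied by hand to a firmware image you have downloaded, before you flash it. The sketch below is an added example, not Dell’s implementation or code from the original article; it assumes the vendor publishes SHA-256 digests in a sha256sum-style manifest, and the file names and sample image are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import string
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash the image in chunks so large firmware files never sit fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <file name>') into {name: digest}."""
    known = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(digest) != 64 or not set(digest) <= set(string.hexdigits) or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        known[name] = digest.lower()
    return known

def verify_image(path, manifest):
    """Return 'match', 'mismatch', or 'unknown' (not listed, so not trusted)."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unknown"
    return "match" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo():
    """Constructed sample: a stand-in image, then the same file with one byte changed."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "bios_update.bin")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(b"\x55\xaa" + bytes(4096))
        # Stands in for the digest the vendor publishes over a separate trusted channel.
        manifest = parse_manifest(f"{sha256_file(image)}  bios_update.bin\n")
        before = verify_image(image, manifest)
        with open(image, "r+b") as fh:  # simulate a one-byte modification
            fh.seek(100)
            fh.write(b"\x01")
        unlisted = os.path.join(tmp, "unlisted.bin")  # hypothetical, absent from manifest
        return before, verify_image(image, manifest), verify_image(unlisted, manifest)
```

Calling `demo()` returns the three verdicts in order: the untouched image, the modified image, and a file the manifest does not list. The check is only as trustworthy as the channel the manifest came from, so fetch the published hash separately from the image itself.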

What Does the Future Hold for Firmware Security?

The next step for firmware security
falls to the firmware researchers, developers and hardware companies.

As new weaknesses are exposed, new
patches and updates will need to be produced. For your part you should ensure
that you’re:

  • purchasing electronics with added layers of firmware security;
  • updating current machines as much as possible; and, as always
  • not plugging in USB devices that you can’t identify.

As with most things in life, it’s
important to keep ahead of the curve — and cybersecurity is certainly worth the
time and effort to stay on top of.

Firmware attacks receive much less
attention than other large-scale cyber threats. But make no mistake — they’re
just as capable of causing huge upheaval for those who are impacted.


*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Richard Lecount. Read the original post at: https://www.thesslstore.com/blog/firmware-attacks-what-they-are-how-i-can-protect-myself/