
Did you know that hackers can bypass your antivirus scans by embedding malware into the firmware of your machine?
Firmware security isn’t as secure as it should be, especially in the Basic Input/Output System (BIOS) of most computers.
According to Xeno Kovah and Corey Kallenberg in a report from Wired, many BIOSes share some of the same code, which allowed these 2 researchers to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo, and HP.
Xeno Kovah subsequently went on to work with Trammell Hudson to develop a worm that could infect Mac PCs effortlessly, according to another report from Wired.
In the study “Firmware Security Risks and Mitigation, Enterprise Practices and Challenges,” 73% of respondents who did not prioritize firmware security experienced a high rate of unknown malware occurrences.
In contrast, 52% of respondents who did prioritize firmware security reported at least 1 incident of malware-infected firmware infiltrating the company system.
Even though both groups did experience a firmware attack, only the group that prioritized firmware security was able to identify and neutralize the threat.
To help you prioritize firmware security, we’ll go over a few tips for preventing hackers from gaining access to your machines.
Before we do that, though, let’s go over what firmware is, why firmware security is important, and the real risks of a firmware infection.
What is Firmware?
Firmware is the essence of your hardware.
It’s basic software that’s embedded into every piece of hardware within your machine.
Essentially, its function is to communicate with the software you install on the computer and ensure the hardware executes the software’s commands correctly.
It’s only compatible with the make and model of the computer it’s installed on, and it can usually be rewritten, removed, or uninstalled.
Why Does Firmware Security Matter?
The research we referenced at the beginning of this article showed that firmware can be hacked and embedded with malware.
This problem becomes exponentially worse when you realize that computers contain tons of firmware – from your webcam to your sound card to your battery.
So much firmware poses a huge risk to your computer because firmware producers usually don’t design their firmware with security in mind.
Firmware malware exploits this lack of security by attaching its code to the firmware’s code. Since the firmware isn’t secured by a cryptographic signature, it won’t detect the infiltration, and the malware will be hidden within the firmware code.
Once the malware is in, it can be used for several purposes.
What are the Biggest Firmware Security Threats?
A lack of firmware security opens you up to the same risks you’re exposed to if you don’t know how to prevent phishing, or business email compromise, or any other IT security threats out there, such as:
- Spying on your activity
- Exfiltrating your data
- Remotely controlling your computer
What makes firmware unique is that it is easily corruptible, which leads some experts to believe the most obvious use for hacking firmware is “bricking” your machine, making it inoperable or unbootable.
Hackers actually did this during the infamous Ukrainian power grid attack. They bricked serial-to-ethernet converters, forcing the organization to replace them because once the malicious firmware was installed, they became unusable.
Now, regardless of what hackers might do once they penetrate your system, you need to improve your firmware security if you want to stop them from doing anything at all with your machine.
How do you Implement Firmware Security?
Before we get into a few firmware security tips, you need to know something…
Firmware security is largely in the hands of hardware makers. It is the industry’s role to design their products to withstand malware infections.
Unfortunately, the industry still has a lot of work to do.
For example, researchers in 2011 revealed that certain HP laser printers had a firmware vulnerability, exposing customers to malware and hacker attacks.
More recently, at the BlackHat Asia 2017 security conference, researchers from Cylance revealed 2 vulnerabilities in the firmware of Gigabyte BRIX small computing devices, according to a report from Bleeping Computer.
There’s no doubt that many more firmware vulnerabilities are being discovered right now across a whole host of devices.
The positive side of these discoveries is that manufacturers are being forced by the market to create firmware security measures that can withstand cyberattacks. Some manufacturers, like Intel, are releasing updates or patches for specific pieces of vulnerable firmware.
Here are 3 ways you can take advantage of the discovery of firmware vulnerabilities and the release of new firmware security measures:
Update Firmware Constantly
As we’ve seen, some manufacturers are releasing updates based on exposed vulnerabilities; others release updates to keep the firmware operating correctly.
You should employ a policy of looking for updates and updating your firmware to the latest version as quickly as possible to close security holes and ensure proper functioning of your hardware.
Don’t use Untrusted USBs
USBs are highly insecure and dangerous.
A smart hacker can store malware in the firmware of the device itself.
BadUSB is the name given to the malware developed by researchers Karsten Nohl and Jakob Lell that can be wormed into the firmware of most USB drives and transferred onto your computer the moment you plug it in.
BadUSB is hard to detect and remove, and there isn’t an easy patch for it.
Some organizations simply ban the use of USBs altogether.
We suggest using USBs that have been exclusively handled by you and you only.
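A drive with altered firmware still has to announce itself to the host, so one defensive check is to compare what a newly attached drive reports against the drives you issued yourself, and to flag a storage device that declares any extra interface class. The sketch below is an added example, not part of the original article; the record layout, allow-list and sample devices are constructed, and the field names mirror Linux sysfs attributes.

```python
from dataclasses import dataclass

MASS_STORAGE = 0x08  # USB base class code for mass storage

@dataclass(frozen=True)
class UsbDevice:
    vendor_id: str            # sysfs attribute idVendor
    product_id: str           # sysfs attribute idProduct
    serial: str               # sysfs attribute serial
    interface_classes: tuple  # one bInterfaceClass value per interface

def from_sysfs(attrs, interface_hex):
    """Build a record from sysfs-style strings, e.g. bInterfaceClass '08'."""
    return UsbDevice(attrs["idVendor"].lower(), attrs["idProduct"].lower(),
                     attrs.get("serial", ""),
                     tuple(int(h, 16) for h in interface_hex))

# Constructed allow-list of drives the organization issued itself.
# These identifiers are reported by the device's own firmware, so the list
# expresses policy; it is not proof of what the device really is.
ALLOWED_DRIVES = {("1234", "abcd", "CONSTRUCTED-0001")}

def evaluate(dev, allowed=ALLOWED_DRIVES):
    """Return (decision, reasons) for a newly attached device."""
    classes = set(dev.interface_classes)
    if MASS_STORAGE not in classes:
        return "not-storage", []  # outside the scope of this drive policy
    reasons = []
    if (dev.vendor_id, dev.product_id, dev.serial) not in allowed:
        reasons.append("drive is not on the allow-list")
    extra = sorted(classes - {MASS_STORAGE})
    if extra:
        reasons.append("unexpected interface classes: "
                       + ", ".join(f"0x{c:02x}" for c in extra))
    return ("block" if reasons else "allow"), reasons

# Constructed sample devices (0x03 is the USB class code for HID).
_ID = {"idVendor": "1234", "idProduct": "ABCD", "serial": "CONSTRUCTED-0001"}
ISSUED = from_sysfs(_ID, ["08"])
FOUND = from_sysfs({"idVendor": "9999", "idProduct": "0001"}, ["08"])
COMPOSITE = from_sysfs(_ID, ["08", "03"])

if __name__ == "__main__":
    for name, dev in (("issued", ISSUED), ("found", FOUND),
                      ("composite", COMPOSITE)):
        print(name, *evaluate(dev))
```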
Buy Hardware with Built-In Protections Against Malicious Firmware
The best step you can take is to buy hardware with built-in firmware security.
BIOS vendors, among other hardware companies, are continually updating their security in light of the past firmware vulnerabilities demonstrated by various researchers.
Take Dell’s BIOS verification method, for example.
It compares the BIOS image against the official hash generated on Dell’s servers. If it detects an issue, it immediately alerts your IT department.
Speak with your vendors about the security features they’ve developed for their firmware and only use hardware that is the most secure.
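The comparison of a BIOS image against an off-host reference hash, described above, can be sketched as follows. This is an added example, not Dell's implementation or code from the original article; the manifest layout (sha256sum style), the file name and the sample image are constructed assumptions.

```python
import hashlib
import hmac
import io

HEX = set("0123456789abcdefABCDEF")

def sha256_stream(stream, chunk_size=1 << 16):
    """Hash an image in chunks so a large dump need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse 'hexdigest  filename' lines (sha256sum layout, an assumption)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest.lower()
    return entries

def verify_image(name, stream, manifest):
    """Return 'ok', 'mismatch', or 'unknown' (no reference hash published)."""
    expected = manifest.get(name)
    if expected is None:
        return "unknown"  # treat as a failure: never trust an unlisted image
    actual = sha256_stream(stream)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

# Constructed sample data: a stand-in image and the manifest a vendor would
# publish for it. In practice the manifest is fetched from the vendor over an
# authenticated channel, never read from the machine being checked.
GOOD_IMAGE = b"\x55\xaa" + b"constructed firmware payload" * 4096
MANIFEST = parse_manifest(
    "# constructed vendor manifest\n"
    f"{hashlib.sha256(GOOD_IMAGE).hexdigest()}  bios_1.2.3.bin\n"
)
TAMPERED_IMAGE = GOOD_IMAGE[:100] + b"\x00" + GOOD_IMAGE[101:]

if __name__ == "__main__":
    for label, image in (("good", GOOD_IMAGE), ("tampered", TAMPERED_IMAGE)):
        result = verify_image("bios_1.2.3.bin", io.BytesIO(image), MANIFEST)
        print(f"{label}: {result}")  # anything but 'ok' should alert IT
```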
What’s Next for Firmware Security?
The next move for firmware security rests on the shoulders of firmware developers and firmware researchers.
As new holes are found, new patches will be developed.
As new vulnerabilities are exposed, new updates will be released.
Avoid USBs as much as possible, talk with your vendors about the firmware security of your current machines, and keep all your firmware up-to-date.