What Is Firmware? What You Need to Know About Firmware Security

Summary: This brief article discusses small business cyber security related to firmware backdoor cyberattacks. Learn what steps should be taken to secure your computer system’s firmware. For a complete vulnerability assessment, contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com to discuss your SMB’s overall security.

When most business owners think about small business cyber security, they focus on system vulnerabilities and application software or malicious code embedded in email phishing scams. But what about firmware? What is it, and why should you care about firmware security? Firmware is a program that is built into a device’s hardware. It is written to computer hardware’s non-volatile memory, meaning static random-access memory that retains vital data, even when the device is powered off or loses external power. Installed in the motherboard during manufacturing, a computer’s firmware allows it to operate and communicate with other devices.

Malware Injections From Firmware

You might wonder, “Why should I care about firmware security?” The answer is more concerning than you would think. The firmware contained in hardware can be infected with rootkits or bootkits. Rootkits are potentially very harmful. They are also difficult to detect and remove because they are hidden in system firmware and inject malicious code into the system during every bootup. Rootkits are difficult to remove because they reside in the hardware’s firmware. Every time the hardware boots up, more malicious code is injected into the system. Therefore, an attack can begin again even after you completely wipe your hard drive clean and remove the operating system.

It’s all in the motherboard. Gigabyte, a company that manufactures the most popular and reliable motherboards, found that their boards can be abused by backdoor attacks from cybercriminals via the firmware. This firmware, also known as Unified Extensible Firmware Interface (UEFI), defines the firmware architecture with respect to the booting sequence of the hardware and how it communicates with the rest of the operating system. In a sense, UEFI firmware performs like a mini operating system that controls hardware initialization before relaying the boot sequence to the bootloader.

The instructions firmware gives for booting up a device is called the Basic Input/Output System or BIOS. Some BIOS agents have installed anti-theft features such as “Absolute LoJack.”

LoJack allows computer owners to track and wipe a stolen computer to ensure their data doesn’t fall into the wrong hands. The beauty of this security enhancement is that it is injected into the firmware and will remain active even if a bad actor reinstalls the OS.

Gigabyte Motherboard BIOS Updates

One of the factors contributing to hacker backdoor firmware attacks is that Gigabyte motherboards include an automatic updating feature to keep their firmware current and secure. Firmware updates are essential. However, the problem with auto-updating firmware is that it must check and download from three different websites when searching for updates. An automatic, unencrypted connection is a golden opportunity for cyber thieves to launch man-in-the-middle attacks with which they insert themselves via unsecured internet connections as the data is transmitted to and from different servers. By doing so, they can redirect your data traffic to one of their own servers.

Also, Gigabyte BIOS updates may originally be signed with a valid digital signature. However, the built-in firmware doesn’t require further validation or authentication for updates or new firmware tools to be downloaded. The omission of verification opens yet another door to cyberattacks. Gigabyte firmware breaches are not just about the initial attack. A successful firmware breach opens the door for many other malware attacks that may be launched through a computer’s operating system. If not caught quickly, firmware attacks are just the beginning of the havoc that cybercriminals can create with a variety of other cyberattacks. Gigabyte driver updates must be kept up to date to secure your firmware further, as they control your computer system's overall performance.

Gigabyte motherboards are widely used but are not the only ones with vulnerable back doors. However, motherboard backdoor vulnerabilities and the recent increase in attacks underscore how the scope of cyber security has broadened over time such that this function is now beyond the average user’s knowledge. The evolving threats to firmware require additional professional IT expertise to bolster hardware security and afford early threat detection. The benefits of a firmware security solution are:

• Cloud-based Management – Cyber security management of updates and device security from cloud-based platforms allow centralized and more secure updating operations.
• Network Integration of Security Smart Devices – The Internet of Things (IoT), meaning all connected smart devices, presents a wide variety of unique security issues. Typical cyber security protections do not effectively monitor firmware on IoT devices. Therefore, a security solution integrating firmware into the overall cyber security plan will allow better monitoring and management of IoT device security.

Cyber thieves' target landscape continues to grow daily as millions of new computers and smart devices are connected to networks. Each new device is an endpoint through which hackers constantly attempt to exploit vulnerabilities. The cyber security “big picture” has gone IMAX, and SMBs must invest in robust cyber security to ensure they do everything they can to lock down devices and circumvent potentially devastating cyberattacks.