Firmware is everywhere: in every system and nearly every technology device we use on a daily basis, the clearest example being computers and laptops. Firmware is also highly vulnerable to malware attacks, where hackers corrupt the firmware to create persistent problems that remain despite security managers “fixing” the initial issue. Firmware attacks are so common that people constantly research ways to prevent these kinds of attacks from happening, with Google search results for “firmware hack” and “firmware security” increasing year by year.
Why are firmware attacks so common? Modifying the architecture of the firmware itself is no easy feat; however, hackers usually corrupt the firmware by inserting malicious code during the pre-boot process, directly attacking the BIOS/UEFI firmware. Once the firmware is corrupted, fixing the problem will not return it to an issue-free state, even though it has only been tainted once. The system will experience persistent problems, creating headaches for security managers.
Firmware attacks have become so common that the National Institute of Standards and Technology (NIST) developed a set of guidelines, NIST Special Publication 800-147, detailing ways to protect BIOS/UEFI firmware from malware threats. The BIOS/UEFI is a central part of a PC’s architecture, and with the looming threat of firmware attacks, security managers need to be proactive about creating a BIOS firmware security process to shield their systems from malicious modifications.
The key to preventing firmware attacks is to have an established line of defense. So how can security managers prevent malware attacks from happening?
Security managers should always be on the defensive and prioritize active security processes and updates.
Regularly check up on the firmware and make sure nothing is out of place.
Update the systems to patch potential vulnerabilities, prevent future attacks and diagnose any bugs/issues that could arise.
An authorization process for firmware updates (such as digital signature verification) allows only authorized individuals to make changes and apply settings.
This goes back to the whole “being proactive” mindset.
For those who are using AMI’s BIOS/UEFI firmware, there are many ways to protect your firmware from attacks. AMI is no stranger to the realm of security threats and firmware attacks. As the producer of the leading UEFI BIOS firmware solution, Aptio V®, AMI has put in place various security protocols so customers can prevent unwarranted BIOS updates. Some security protocols/tools include:
By following these protocols and using the tools provided by AMI, users can mitigate the risk of malware attacks before they happen.
So the lesson is: always be on the defensive and don’t take firmware security for granted. Anything that has firmware in it is at risk of attack, and developing a process to address these risks is beneficial in protecting your systems. Everyone’s system contains a host of important, confidential information, and if a hacker gets into all that information, you could be in some deep water. We don’t want hackers to gain access to your sensitive information, now do we? So be proactive about your firmware security and keep those hackers at bay.