Slamming the Back Door on Platform Vulnerabilities

Feb 1, 2023 | FIRMly Secure, Tech Blog

Thomas McCarthy

Product Marketing

Today, companies and private individuals rely on the cloud for most applications. Behind the software that end users see is a large number of supporting applications that monitor and manage a multitude of operational needs, including performance, security, updates and resource consumption.

Regardless of the purpose, cloud-based applications reach a huge number of systems and cover an unimaginable expanse of critical data, driving real-world businesses, services and personal lives. This creates enormous opportunity for hackers and cyber-criminals to proliferate malware and inflict enormous amounts of damage, affecting millions of people and bringing companies to their knees.

Costs of a Data Breach Continue to Rise

The cost of these attacks is on the rise. According to the 17th “Cost of a Data Breach” report by IBM and Ponemon, the average cost of a data breach in 2022 was $4.35 million, a 2.6% rise from 2021’s $4.24 million. These costs are felt in loss of business, legal fees, recovery and breach management. In October 2022, health insurer Medibank experienced an attack that was estimated to have cost $25 – $35M, even before customer compensation and regulatory and legal costs were paid.

Firmware Security is Foundational to Cybersecurity

Highly complex enterprise security software has been developed to address this concern.  Residing in the operating systems of the host servers, this security software is designed to monitor and prevent entry, as well as provide recovery in some cases, protecting applications and data. While the enterprise security software does a good job ensuring integrity through application and OS entry points, it is unable to protect through the entry points that reside below the operating system.

The elements that reside below the operating system, or platform components, include motherboard silicon and expansion cards, each with its own firmware, serving purposes such as external and internal connectivity, data storage, power, display graphics and system boot. The firmware that runs each of these components is loaded before, or often at the time of, system assembly and, in many cases, is rarely updated. If compromised, the firmware can introduce malware from the platform to the OS and applications, compromise data, or be hacked in ways that disable the functionality of the components.

These types of platform-level attacks are on the rise. A July 2022 article from Bleeping Computer reported that Kaspersky had found previously undetected malware embedded in the firmware of some computer motherboards. Additionally, the October 2020 Futurum Research report found that 56% of companies experienced an external cyberattack attributed to a vulnerability in hardware or silicon-level security.

Chain of Trust Must be Trustworthy

The National Institute of Standards and Technology (NIST) recognized a gap in the chain of trust for the higher layers in the IT stack. In response, they created NIST 800-193, Platform Firmware Resiliency Guidelines. This standard is intended to drive compute system providers to ensure platform firmware resiliency, resulting in a chain of trust from the bottom to the top of the IT stack.  Compliance with NIST 800-193 means that the system platforms utilize security mechanisms to protect the platform firmware against unauthorized changes, detect unauthorized changes that occur, and recover from attacks rapidly and securely.

In line with NIST 800-193, silicon providers serving boot functionality are developing a set of requirements they call Hardware Root of Trust (HRoT), which provides foundational security and establishes a chain of trust for higher compute layers.

Robust HRoT Solution is the Answer

HRoT devices need specialized firmware to perform these functions. To drive detection and protection at its most critical point, this firmware should tie in closely and work optimally with the boot process. As such, a high level of expertise in the boot process and a keen understanding of HRoT functionality are required to best secure platform firmware through detection, recovery and protection.

AMI’s Tektagon Platform Root of Trust (PRoT) solution builds on HRoT devices to detect, recover and protect against platform firmware vulnerabilities introduced at system assembly or through firmware updates. Serving both the open-source and closed-source communities, Tektagon supports microcontroller-based and FPGA-based HRoT devices and works with Intel, AMD and other processor-based host platforms. Leveraging more than 30 years of firmware expertise, AMI’s Tektagon works in unison with AMI’s Aptio and MegaRAC firmware, ensuring smooth operation while protecting the platform firmware.

More information about Tektagon, including a data sheet, infographic and whitepaper can be found here.

About AMI

AMI is Firmware Reimagined for modern computing. As a global leader in Dynamic Firmware for security, orchestration and manageability solutions, AMI enables the world’s compute platforms from on-premises to the cloud to the edge. AMI’s industry-leading foundational technology and unwavering customer support have generated lasting partnerships and spurred innovation for some of the most prominent brands in the high-tech industry. AMI is also a critical provider to the Open Compute ecosystem and is a member of numerous industry associations and standards groups, such as the Unified EFI Forum (UEFI), PICMG, National Institute of Standards and Technology (NIST), National Cybersecurity Excellence Partnership (NCEP), and the Trusted Computing Group (TCG).
