The topic of software security is hard to ignore, even for end users who don’t have a technical bone in their body. Whenever you get a notification to update your iPhone, the device’s software is being patched to protect against security vulnerabilities.
Meanwhile, the topic of firmware security can easily slip under the radar. For example, people may have security vulnerabilities on their wireless routers because the firmware is out of date, yet fail to even realize it.
In this article, we’ll discuss why firmware security is difficult to do well—yet why it’s also essential to do so.
What is Firmware Security?
What is firmware?
Firmware is software that is permanently embedded on a hardware device, such as a microchip or a Bluetooth module. The purpose of firmware is to provide an interface for the hardware or to instruct the device how to operate.
Every electronic device you have uses firmware, even your Keurig coffee machine. However, devices that are particularly vulnerable to exploits are those that are connected to the Internet either directly or indirectly.
How is firmware security implemented?
The best strategy for firmware security is to air gap the device by preventing it from connecting to the Internet. If this isn’t possible, the next best thing is to make sure that your firmware can be updated reliably and regularly, perhaps using over-the-air (OTA) firmware updates. If updates can not be done OTA, users must download updates from the manufacturer and install them.
Caution is observed when incorporating any 3rd-party dependencies. The dependency has to be rigorously reviewed.
Code reviews occur with each change to the firmware. Reviewers should take a deep look at the code and its dependencies to search for any vulnerabilities. Checks and balances need to be in place when building firmware. Getting a second opinion is never a bad thing when it comes to security.
Special care has to be taken to avoid buffer overflows and remove development backdoors if they exist. Far too many systems are compromised due to these easily avoidable bugs.
What are the Threats of Insufficient Firmware Security?
What can go wrong?
The risks of poor firmware security can be quite scary and even life-threatening:
- In 2015, hackers demonstrated that it was possible to remotely tamper with the firmware of the Jeep Cherokee, including shutting down the car’s engine entirely. The car’s manufacturer, Fiat Chrysler, was forced to recall 1.4 million vehicles in the U.S.
- Also in 2015, the power grid in Ukraine was the subject of a massive cyberattack that targeted three of the country’s biggest energy distribution companies. The attack disrupted power services to 230,000 people for a duration of 1 to 6 hours. Experts attributed responsibility to hackers supported by the Russian government.
- Life-saving devices such as pacemakers and defibrillators are potentially hackable, although there are no documented cases of this so far.
What areas are most susceptible to firmware threats?
Some of the types of devices that are most susceptible to firmware threats and vulnerabilities are:
- Those devices that have an Internet connection, can't be updated OTA, and that the user does not interact with frequently (e.g. an Internet router). In this case, it’s easy for users to forget about updating the device.
- Those devices that use closed source or proprietary firmware, which means that it’s unable to be vetted by the user community. Firmware is often created as quickly and cheaply as possible, and no one outside the manufacturer is able to check the code for vulnerabilities.
Why It's Hard To Get Firmware Security Right
Attacks on firmware are difficult to detect with current antivirus and security software. This is because firmware resides at architectural levels of the device that are not usually accessible to these tools.
Once malware has infiltrated the firmware, it gains full access to the system. What’s more, malware hidden inside firmware is hard to erase—it can even survive reboots and fresh installs of an operating system.
Firmware is also not as straightforward to update as software. Users might have to download a patch from the manufacturer and make some changes to the device settings. Although OTA updates are becoming more common, they’re still far from mainstream.
In addition, there is currently a lack of strong open source platforms for firmware security. The idea of devices running firmware while connected to the Internet is relatively new, and there aren’t a lot of open source tools on the market. Another complication is that most firmware runs in an environment with severe hardware resource constraints, which makes it difficult to run industry-recognized security tools and procedures on the firmware.
Best Practices for Implementing Firmware Security
What can you do to ensure that your firmware security is sufficient?
- As more open source tools and platforms become available, it will be easier to identify and implement best practices for firmware security. Tools such as PlatformIO are a good start.
- Firmware developers must have verification processes in place. Your code should always be checked by a third party for vulnerabilities.
- The device should be kept as "dumb" and simple as possible. If possible, any complicated work should be offloaded to servers in the cloud that can be updated easily.
- Vulnerabilities in hardware components themselves, such as Spectre, are also important to keep tabs on.
If you’re concerned about firmware security, the most important trait you can have is proactiveness. Take the time to educate yourself about the current threats, platforms, and best practices.
The field of software security is already quite robust and mature. In order to improve firmware security, we expect that much of organizations’ knowledge and experience from software security will make its way into firmware as well.
Concerned about the security of the firmware on your own device? Reach out to a skilled technology partner like Very to learn how we can help.