Home SecurityNetwork Security Lack of firmware validation for computer peripherals enables highly persistent attacks

Lack of firmware validation for computer peripherals enables highly persistent attacks

by ethhack

Security researchers have warned for many years that failure to digitally sign and validate the low-level firmware found in computers can lead to damaging compromises that are very hard to detect and fix. While the computer industry has made some progress in this area, especially when it comes to the Unified Extensible Firmware Interface (UEFI) in modern computers, new research shows that many peripheral manufacturers have not adopted modern firmware validation principles.

Researchers from security firm Eclypsium have found computer components with unsigned firmware or improper signature validation in laptops from major manufacturers, as well as in servers. The identified devices included a network interface chipset widely used in servers, a common laptop WiFi adapter, a trackpad, a full HD camera and an internal USB hub.

While these are technically peripheral devices because they communicate with the CPU over the USB or PCI interfaces, from a user perspective they are an integral part of the computers they’re found in. In most cases they cannot be removed or replaced without specialized tools and advanced technical knowledge about computer hardware internals as some of these chips are soldered onto the motherboard from factory.

How firmware updates

When most users think of computer firmware, they think of the UEFI, which is the modern equivalent of the BIOS. This low-level software stored in a flash memory chip (EPROM) on the motherboard handles the hardware initialization during the booting process and starts the operating system (OS) installed on the hard drive. Think of it as a mini operating system that performs a limited set of functions and gets the hardware ready before the end-user OS takes over.

While the UEFI can be viewed as the overall platform’s firmware, most of the individual components inside computers also have their own firmware. Hard-disk drives (HDDs) and solid-state drives (SSDs) have firmware, wireless and Ethernet chipsets have firmware, sound and graphics cards have firmware, and even the CPU has so-called microcode, a set of instructions burned into its silicon during the manufacturing process.

The OS talks to the peripheral components through system drivers that rely on the firmware to perform the various hardware functions. It gets even more complicated. Some components have a flash memory chip so their firmware is persistent, though it can often be updated from inside the operating system using the manufacturer’s utilities. Other peripherals, however, don’t have persistent storage, so a firmware image for them is shipped as part of the driver package and is loaded dynamically into memory every time the OS is booted.

Source link

Related Articles

Leave a Comment