Be Proactive About Firmware Security!

Be Proactive About Firmware Security!

Firmware is everywhere; in every system and nearly every technology device we use on a daily basis - clearest example would be computers/laptops. Firmware is also highly vulnerable to malware attacks, where hackers corrupt the firmware to create persistent problems for the firmware despite security managers "fixing" the initial issue. Firmware attacks are so common that people constantly research ways to prevent these kinds of attacks from happening, with Google search results for "firmware hack" and "firmware security" increasing year by year.

Why are firmware attacks so common? Modifying the architecture of the firmware itself is no easy feat; however, malware hackers usually corrupt the firmware by inserting malicious code during the pre-boot process, directly attacking the BIOS/UEFI firmware. Once the firmware is corrupted, despite fixing the problem, the firmware will never go back to an issue-free state again even though it has only been tainted once. The system will experience persistent problems, creating headaches for security mangers.

Firmware attacks have become so common that the National Institute of Standards and Technology (NIST) developed a set of guidelines, NIST Special Publication 800-147, detailing ways to protect BIOS/UEFI firmware from malware threats. The BIOS/UEFI is a central part in a PC's architecture and with the looming threats of firmware attacks, security managers need to be proactive about creating a secure BIOS firmware security process to shield their systems from malicious modifications.

The key to preventing firmware attacks is to have an established line of defense. So how can security managers prevent malware attacks from happening?

  • Be proactive and emphasize security
    Security managers should always be on the defensive and prioritize active security processes and updates.
  • Pay attention to your firmware
    Regularly check up on the firmware and make sure nothing is out-of-place.
  • Stay up-to-date with the latest BIOS/UEFI firmware updates
    Update the systems to patch potential vulnerabilities, prevent future attacks and diagnose any bugs/issues that could arise.
  • Have an authorization/authentication process
    An authorization process for firmware updates (such as a digital signature verification) will only allow authorized individuals to make changes and apply settings.
  • Report and troubleshoot issues ASAP
    This goes back to the whole, "being proactive" mindset.
  • For those who are using AMI's BIOS/UEFI firmware, there are many ways to protect your firmware from attacks. AMI is no stranger to the realm of security threats and firmware attacks. As the producer of the leading UEFI BIOS firmware solution, Aptio V®, AMI has put in place various security protocols so customers can prevent unwarranted BIOS updates. Some security protocols/tools include:

  • Release of BIOS firmware updates available to customers
  • An in-house BIOS Security team that will quickly address security concerns/issues while also providing recommendations on security practices
  • Downloadable encryption keys to encrypt sensitive information when sending information to the BIOS Security team
  • Secure signing process using the Signing Server utility that verifies the authenticity of BIOS updates with signature verification
  • NIST SP 800-147 Secure Flash support
  • By following these protocols and using the tools provided by AMI, users can mitigate the risk of malware attacks before it happens.

    So lesson is, always be on the defensive and don't take firmware security for granted. Anything that has firmware in it is at risk for attack and developing a process to address these risks is beneficial in protecting your systems. Everyone's system contains a host of important, confidential information and if a hacker gets into all that information, you could be in some deep water. We don't want hackers to gain access to your sensitive information now do we? So be proactive about your firmware security and keep those hackers at bay.

    Jami 11/19/2018

    Hi, is there a checksum or a American Megratrend ID number to verify authenticity of my BIOS ? Jami


    Submit Comment

    TOP