Is "static" firmware immune to malware infection?
Upon researching this topic, what I have read so far is that if the firmware is "updateable", it can be infected with malware. If it is "static", malware can not write to it because the firmware can not be changed, hence the term, "static".
Firmware is still low-level software and is usually updatable.
Even "burned in" firmware that can only be written once is software and could be issued with bugs. Malware could still take advantage of this faulty firmware, even if it can't write to it.
The RAM will be easily infectable in the case you describe as "static", once the right bugs are discovered. A very interesting case in point would be the Carna botnet, which scanned the full IPv4 address space using a massive farm of both kinds of device. The author stayed in RAM, though, even on devices which were writable.
If firmware is written to non-volatile memory it cannot be changed by malware. Either it is masked during manufacture or burned using a programmer, but that requires special hardware. However, modern BIOS memory can be updated easily by the end user and therefore is at risk of malware attacks. UEFI has some built-in safeguards and is better at detecting possible malware attacks.
As stated, it is possible that firmware contains bugs which are exploitable without modification.
UEFI might not be the best example, at least not a good example. UEFI has had malware for a long time and being the dog's breakfast that it is, there is a whole new world of UEFI malware opening up. It's not like they weren't warned in advance. But given some of the parties involved in causing UEFI it is the only outcome.
How would 'static firmware' apply to something other than the computer like a multi-card reader (media-card reader)? Safe from malware infection? Thanks.
How about a printer or an Ethernet/Wi-Fi connection (these last two contain a burned-in unique MAC address)?
Quote:
There are many other consumer devices that use firmware, i.e. any IoT device, baby monitors, routers, thermostats, smart TVs, home automation devices, etc.
Quote:
2. Which is more desirable from a malware safety perspective, UEFI or legacy? Given the following from TC above, it seems legacy is: "UEFI might not be the best example, at least not a good example. UEFI has had malware for a long time and being the dog's breakfast that it is, there is a whole new world of UEFI malware opening up. It's not like they weren't warned in advance. But given some of the parties involved in causing UEFI it is the only outcome." Thanks.
Are we theory crafting or opening worm cans?
@hddfsck Caution is good; however, there is such a thing as overthinking a problem which may never come to be. UEFI vs Legacy: without getting into detail, Legacy mode makes the UEFI behave like it was its predecessor, good ol' BIOS. You should consider it less secure. Is UEFI flawed? Yes. Should you worry about it? Nah, not really. UEFI rootkits are in their infancy and they will go for the low-hanging fruit first (that will be Windows). It will be a long time before they run out of Windows systems.
Quote:
UEFI can, regardless of mode, and you cannot avoid it in new machines, at least x86-based ones. However, although on x86 there is no choice, because you have UEFI in all new x86 machines, the risk is still small because the vector is not exploited much yet. So even though there is a problem waiting to happen, there is no benefit to worrying, ... yet.