LinuxQuestions.org


hddfsck 09-12-2019 04:37 PM

Is "static" firmware immune to malware infection?
 
Upon researching this topic, what I have read so far is that if the firmware is "updateable", it can be infected with malware. If it is "static", malware can not write to it because the firmware can not be changed, hence the term, "static".

JeremyBoden 09-12-2019 06:08 PM

Firmware is still low-level software and is usually updatable.

Even "burned in" firmware that can only be written once is software and could be issued with bugs.
Malware could still take advantage of this faulty firmware, even if it can't write to it.

hddfsck 09-13-2019 08:13 AM

Quote:

Originally Posted by JeremyBoden (Post 6036240)
Firmware is still low-level software and is usually updatable.

Even "burned in" firmware that can only be written once is software and could be issued with bugs.
Malware could still take advantage of this faulty firmware, even if it can't write to it.

If malware can not write to it, what can it do to give remote access? The companies I spoke with stated that the firmware is "either" static or updateable, not both. Thanks.

Turbocapitalist 09-13-2019 08:17 AM

The RAM will be easily infectable in the case you describe as "static", once the right bugs are discovered. A very interesting case in point would be the Carna botnet which scanned the full IPv4 address space using a massive farm of both kinds of device. The author stayed in RAM though even on devices which were writable.

michaelk 09-13-2019 08:47 AM

If firmware is written to non-volatile memory it can not be changed by malware. Either it is masked during manufacture or burned using a programmer but requires special hardware. However, modern BIOS memory can be updated easily by the end user and therefore is at risk of malware attacks. UEFI has some built-in safeguards and is better at detecting possible malware attacks.

As stated it is possible that firmware contains bugs which are exploitable without modification.

Turbocapitalist 09-13-2019 08:54 AM

UEFI might not be the best example, at least not a good example. UEFI has had malware for a long time and being the dog's breakfast that it is, there is a whole new world of UEFI malware opening up. It's not like they weren't warned in advance. But given some of the parties involved in causing UEFI it is the only outcome.

rnturn 09-13-2019 08:54 AM

Quote:

Originally Posted by michaelk (Post 6036403)
However, modern BIOS memory can be updated easily by the end user and therefore is at risk of malware attacks.

Once upon a time, you had to move a jumper on the motherboard if you were trying to update the firmware. But ever since everyone began thinking that jumpers==evil, it's been possible to corrupt a system's most basic functions. That's the price of making convenient something that is rarely done by most end-users.

hddfsck 09-13-2019 10:10 AM

Quote:

Originally Posted by michaelk (Post 6036403)
If firmware is written to non-volatile memory it can not be changed by malware. Either it is masked during manufacture or burned using a programmer but requires special hardware. However, modern BIOS memory can be updated easily by the end user and therefore is at risk of malware attacks. UEFI has some built-in safeguards and is better at detecting possible malware attacks.

As stated it is possible that firmware contains bugs which are exploitable without modification.

Are you saying that it IS safer to never update the BIOS? Do computers nowadays come with the choice of either UEFI or legacy?

hddfsck 09-13-2019 10:12 AM

How would 'static firmware' apply to something other than the computer like a multi-card reader (media-card reader)? Safe from malware infection? Thanks.

JeremyBoden 09-13-2019 10:17 AM

How about a printer or an ethernet/wifi connection (these last two contain a burned in unique MAC address)?

michaelk 09-13-2019 07:12 PM

Quote:

Are you saying that it IS safer to never update the BIOS? Do computers nowadays come with the choice of either UEFI or legacy?
No. BIOS/UEFI updates from the manufacturer I assume are safe. I assume that most UEFI motherboards have a setting to switch to legacy mode. There are other boot loaders i.e. coreboot and similar variants.

There are many other consumer devices that use firmware i.e. any IoT device, baby monitors, routers, thermostats, smart TVs, home automation devices etc...

hddfsck 09-13-2019 07:44 PM

Quote:

Originally Posted by michaelk (Post 6036591)
No. BIOS/UEFI updates from the manufacturer I assume are safe. I assume that most UEFI motherboards have a setting to switch to legacy mode. There are other boot loaders i.e. coreboot and similar variants.

There are many other consumer devices that use firmware i.e. any IoT device, baby monitors, routers, thermostats, smart TVs, home automation devices etc...

1. How would 'static firmware' apply to something other than the computer, like a multi-card reader (media-card reader), regarding safety from malware infection? If the multi-reader has static firmware, is it safe from malware infection? I've been told the malware can not write to it, but other comments above regarding a computer show that 'static firmware', under certain conditions, 'is' vulnerable. Knowing if the multicard reader can be infected with malware (on its static firmware) is important as multiple sd cards go in and out of it.

2. Which is more desirable from a malware safety perspective, UEFI or legacy? Given the following from TC above, it seems legacy is:

"UEFI might not be the best example, at least not a good example. UEFI has had malware for a long time and being the dog's breakfast that it is, there is a whole new world of UEFI malware opening up. It's not like they weren't warned in advance. But given some of the parties involved in causing UEFI it is the only outcome."

Thanks.

hddfsck 09-13-2019 08:07 PM

Quote:

Originally Posted by Turbocapitalist (Post 6036406)
UEFI might not be the best example, at least not a good example. UEFI has had malware for a long time and being the dog's breakfast that it is, there is a whole new world of UEFI malware opening up. It's not like they weren't warned in advance. But given some of the parties involved in causing UEFI it is the only outcome.

Are you saying 'legacy' doesn't get malware infections?

Firerat 09-13-2019 09:18 PM

are we theory crafting or opening worm cans?

@hddfsck
Caution is good
however there is such a thing as overthinking a problem which may never come to be.

UEFI vs Legacy
Without getting into detail
Legacy mode makes the UEFI behave like it was its predecessor, good ol' BIOS.
you should consider it less secure.

Is UEFI flawed? yes
should you worry about it?
Nah, not really.

UEFI rootkits are in their infancy and they will go for the low-hanging fruit first (that will be Windows). It will be a long time before they run out of Windows systems.

Turbocapitalist 09-13-2019 11:24 PM

Quote:

Originally Posted by hddfsck (Post 6036598)
Are you saying 'legacy' doesn't get malware infections?

BIOS does not, but it is not found in new machines.

UEFI can, regardless of mode, and you cannot avoid it in new machines, at least x86 based ones.

However, although on x86 there is no choice, because you have UEFI in all new x86 machines, the risk is still small because the vector is not exploited much yet. So even though there is a problem waiting to happen, there is no benefit to worrying, ... yet.


All times are GMT -5.