How to protect from firmware attacks

Firmware is an often overlooked area when it comes to security, but Simon Shiu, head of Security Lab at HP Labs, believes that more can be done to ensure that devices can be securely updated.

As we move towards an IoT world, more and more devices are connected. Securing those devices becomes critical, as it has been demonstrated that the majority of attacks start from the endpoints. A fast-growing area of attacks on devices, as the 2016 Intel McAfee Labs Threat Prediction report highlights, is firmware attacks. These attacks are amongst the most likely to grow in seriousness, and the underground market for attack tools that make them possible is constantly expanding.

Firmware, which resides in a non-volatile memory device on a PC or printer circuit board, is typically the first code to execute on a device when it is turned on. As a result, firmware attacks are difficult to detect – and allow attackers to gain broad control, as they can access all hardware resources and administration and control capabilities. 

Attackers can then monitor and remotely control all activities on the target device with perfect stealth. Moreover, these firmware rootkits can escape many existing client device security solutions and be persistent to the extent that they can sometimes be impossible to remove without a system board replacement.

“Firmware attacks are difficult to detect – and allow attackers to gain broad control.” 
Simon Shiu, HP Labs

HP researches and provides state-of-the-art below-OS security. An example of this is our self-healing PC BIOS security solution, HP Sure Start. This independent chip is capable of detecting firmware intrusion in the PC BIOS and repairing it instantly, without any action required from the user or the administrator of a device. HP Sure Start validates the integrity of the firmware image before it is executed at boot. If validation fails, a protected and cryptographically verified ‘Golden Copy’ of the firmware is used to repair the device. The Golden Copy is stored in private, isolated Non-Volatile Memory (NVM) that no third-party firmware or software can access.

Printers are often overlooked. In recent years, HP has made considerable investments in protecting printers at the lowest level. Today, HP LaserJet printers offer the most advanced security for their BIOS and the rest of their firmware image. This allows a printer to recover quickly to a functional state in case of attack, for uninterrupted productivity and workflow.

Both our PC and printer firmware security solutions have been designed with cyber-resilience in mind, which is the ability to protect to the best capacity, detect if protection fails, and recover quickly and seamlessly to a safe functional state. At HP it is important to be humble and accept that occasionally attacks will get through. Therefore, it is key to know how to recover with as little disruption to a workplace as possible.
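The validate-before-execute and repair-from-Golden-Copy flow described above, together with the protect, detect and recover idea, sketched as an added conceptual example; it is not HP's code. The key, the dict layout and the function names are assumptions, and HMAC-SHA256 stands in for a hardware-anchored signature check.

```python
import hashlib
import hmac

# Constructed demo key. Assumption: a real platform anchors an asymmetric
# public key in hardware; HMAC-SHA256 stands in for that signature check.
DEMO_KEY = b"constructed-demo-key"


def sign(image: bytes) -> bytes:
    """Vendor-side step: produce the tag shipped alongside an image."""
    return hmac.new(DEMO_KEY, hashlib.sha256(image).digest(), hashlib.sha256).digest()


def is_valid(image: bytes, tag: bytes) -> bool:
    """Constant-time check that an image matches its tag."""
    return hmac.compare_digest(sign(image), tag)


def boot_decision(flash: dict, golden: dict) -> str:
    """Return 'boot', 'repaired' or 'halt'; dicts hold 'image' and 'tag' (hypothetical layout)."""
    if is_valid(flash["image"], flash["tag"]):
        return "boot"
    # Detection: the active image failed validation. Verify the golden copy
    # before trusting it, so a damaged backup is never written to flash.
    if not is_valid(golden["image"], golden["tag"]):
        return "halt"
    flash["image"], flash["tag"] = golden["image"], golden["tag"]
    # Re-validate what was written before handing over control.
    return "repaired" if is_valid(flash["image"], flash["tag"]) else "halt"


def demo() -> list:
    # All images below are constructed sample data.
    good = b"\x7fFW constructed firmware image v1"
    golden = {"image": good, "tag": sign(good)}
    clean = {"image": good, "tag": sign(good)}
    tampered = {"image": good + b" tampered", "tag": sign(good)}
    bad_golden = {"image": good[:-1], "tag": sign(good)}
    stuck = {"image": good + b" tampered", "tag": sign(good)}
    return [
        boot_decision(clean, dict(golden)),      # intact image
        boot_decision(tampered, dict(golden)),   # modified image, good backup
        boot_decision(stuck, bad_golden),        # modified image, bad backup
    ]


if __name__ == "__main__":
    print(demo())
```

The third case is the one to plan for: when the backup itself fails verification, the safe outcome is to refuse to boot rather than to run or restore an unverified image.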

PCR’s Sector Spotlight on Security – in association with BullGuard – is running throughout November 2016.
