Picture yourself in your office right now. How many devices with an internet connection would you guess you own? Five? Ten? More? Now try to count how many total applications are attached to all those devices. How often are all these apps updated? How often do you get notifications that the device has a new software version update? In our Industry 4.0 world, we constantly respond to our devices' demand to replace outdated software. But how often do you consider updating your devices' hardware?
Device hardware stores software, so it is equally imperative that hardware stays up to date. However, replacing device hardware is not nearly as convenient and straightforward as replacing software. Software updates typically involve accepting an automated notification without any real thought. On the other hand, hardware replacement is far more tedious and requires some niche expertise that not every device end-user will possess. The good news is we can avoid device hardware replacement complications if we shift our focus to firmware. For the most part, firmware updates can bridge the gap between software and hardware updates.
What is firmware?
In very rudimentary and general terms, firmware is the type of software etched directly into the device hardware. It allows the device hardware to effectively think for itself without installing additional software. It operates without going through application programming interfaces (APIs), the operating system (OS), or device drivers. Essentially, the firmware provides the needed instructions and guidance for the device to communicate with other devices or perform tasks and functions.
Firmware is ubiquitous in today's IT world, where the Extended Internet of Things (XIoT) connects almost every device imaginable (even those not connected to the public internet). Examples include vehicles, Bluetooth-connected appliances, essential life-monitoring medical devices, and even a vending machine in an office break room. Firmware is the device component instructing the device's processor to execute tasks. Without firmware, a computer's motherboard would be unable to connect with the hard drive during the boot phase, meaning the device would be rendered almost useless. Firmware even controls the operations and interactions of disk or solid-state storage devices with the rest of the system. The bottom line is the individual hardware components within a device cannot communicate with one another, or even know their intended tasks, if firmware is not present or operative.
Firmware can be broken down into three principal components, known as the bootloader, the kernel, and the file system.
- The bootloader is responsible for "waking up" the device and allocating the necessary resources within the device needed to accomplish the assigned tasks.
- The kernel is essentially the required intermediary layer between the software and hardware.
- The file system is where all the individual files necessary for the device's performance are stored, including web servers and network services.
The device's firmware capabilities are limited to the types of processors for which the firmware is designed to provide instructions. This means the type of firmware will vary based on the hardware device specifications and can lead to complications when updating device firmware. During the upgrade process there is a moderately high risk of the firmware becoming corrupted, which would render it unable to communicate with the device processors. Once the firmware is corrupted, it is incredibly challenging to replace. Furthermore, firmware that is corrupted during an update becomes highly vulnerable to opportunistic cyber incursions looking to breach a network perimeter.
When & why should firmware be updated?
The most common reason for a firmware update is as a security measure. Data breaches are more common than ever before. This means device security must be constantly enhanced and firmware constantly updated. Firmware also has to be updated whenever a new feature becomes available to improve device performance efficiency. The most practical way of increasing efficiency is to decrease the delay in device processor communication. This would, of course, involve updating the firmware to maximize the speed of device hardware communication.
Shifting focus from software and hardware updates to firmware updates will undoubtedly create unprecedented conveniences in ensuring our XIoT devices stay up to date. With firmware updates, we will no longer need to worry about the tedious process of updating device hardware to keep up with software updates. However, these benefits will come with security risk adjustments to which firms and individual users must adapt. Security Risk Management Teams must turn their undivided attention to firmware vulnerabilities to secure their private network domains.
Manufacturers usually update firmware using over-the-air (OTA) update platforms instead of manual procedures, which are excessively complicated and impractical. OTA updating functions remotely (without adjusting XIoT device hardware) to add new firmware security measures and seal any neglected vulnerabilities.
As convenient as OTA platforms are for updating firmware, there are several insecure procedures manufacturers will often use that allow hackers to compromise XIoT devices through insecure updates. These include:
- Signing Compromises. Unverified users can be easily granted access to undefended XIoT device code signing keys and can compromise and do anything they want to the device.
- Insecure Coding. Cybercriminals who scan device coding could modify device programming to enable a device crash, allowing a data breach.
- Insecure Software Supply Chain. Software supply chains use insecure open source components with embedded vulnerabilities, which hackers will commonly seek out to breach private network perimeters.
- Forgotten Testing Services in Production Devices. When XIoT devices are manufactured, they are given debugging services and credentials during production, which potential adversaries are familiar with and could easily circumvent to compromise the device.
These network security risks may not sound too daunting, but they can open the door to some terrifying and sickening consequences. Not only can insecure firmware updates allow ruthless hackers to compromise essential sensitive information, but they can also enable some truly evil outcomes. Examples include breaching a smart car's firmware, disabling proper brake function, and even compromising a personal pacemaker and rendering it inoperable. This is the reality of how horrifying the consequences of insecure firmware updates can be. Without properly secured updates, the potential for a merciless hacker is virtually limitless.
XIoT devices make up more than 30% of all network-connected endpoints, making them incredibly vulnerable to an attack from a potential hacker. Firms must be aware of how easy it is for hackers to orchestrate a data breach, meaning updating XIoT firmware is an invaluable procedure IT security teams must constantly practice. Firmware updates are essential to fix software bugs, patch vulnerabilities, or add new security features. However, as we'll discuss, updating the firmware compounds another data security risk cybercriminals use to compromise XIoT devices. As important as it is to update firmware, updating it securely is equally, if not even more, essential for proper cyber security. In other words, XIoT device security is only as strong as the firmware security!
Firmware on the cybersecurity battlefield
In the world of XIoT, firmware is by far the most essential component of any device, especially from a cybersecurity standpoint. Not only is firmware consequentially vital to IT security, but it is also perhaps the most vulnerable component of XIoT. In Industry 4.0, even the less sophisticated cyberthreats manage to breach private network perimeters through device firmware using default-credential techniques. This vulnerability begs the question: How do we modify the firmware to protect against these hackers and make XIoT less susceptible to a data breach? The answer to this question requires us to dig even further into firmware's structure and identify why it is so vulnerable. More specifically, we need to assess how hackers gain access to IoT devices using firmware and the ways we can prevent potential breaches.
The four most common ways a hacker could breach a connected device's firmware are:
- The Internet. The internet offers a plethora of message boards and accredited device manufacturing websites that provide device firmware for easy download and access.
- Physical Access. This method works exactly as it sounds. The biggest drawback to this method is the hacker would 99.9% of the time need to be physically present to breach the targeted network, generally via USB port.
- Over the Air (OTA) Sniffing. This is done by capturing device network traffic using a packet sniffer application while the firmware is undergoing an update. This relates to what we discussed earlier, how firmware needs to be updated often and henceforth gives hackers a massive opportunity to breach network firewalls. While the update is ongoing, the hacker would seize the necessary binary and gain complete control of the XIoT device firmware.
- Reversing an Application. This method would require a bit more creativity from the hacker, who would have to discover an application running on the IoT device and find a way to capture the firmware binary. Once the firmware binary is compromised, a hacker can access the file system and own the firmware along with the device.
What can firms do to mitigate these types of data breaches?
- Limit the volume of sensitive information on IoT devices. In the event of a corrupt firmware update, all this information could easily be compromised by hackers. Instead, store all sensitive information using cloud software to avoid all the risks associated with firmware compromise.
- Connect IoT devices to only one internet pathway (i.e., cellular data or internet). This limits hackers to only one point of attack, which makes monitoring for adversaries much easier than it is across multiple routes.
- Ensure an update's origin and integrity are verified, so that it comes from a trusted vendor. XIoT devices can use an MTM (Machine to Machine) authentication mechanism to ensure the upgrade comes from a legitimate, trusted vendor and not a hostile adversary.
- Use unique identities and secure code signing when running OTA updates. This newer technique acts as a sealed, marked signature on the update from the reputable, trusted source to ensure the update has not been maliciously tampered with by a third-party adversary before arriving at the XIoT device.
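As an added illustration of the last two points (not code from the original article), the check a device's updater would perform on a signed OTA image before flashing it, in Go with Ed25519 from the standard library. The Manifest layout, the function names and the sample image are assumptions made for this example; the vendor's public key is assumed to be provisioned in the device ahead of time.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical signed-update descriptor for this example.
type Manifest struct {
	Version uint32   // monotonic; lets the device refuse rollback to old, vulnerable builds
	Digest  [32]byte // SHA-256 of the image bytes
	Sig     []byte   // Ed25519 signature over Version||Digest
}
// signedBytes is the exact byte string the vendor signs and the device verifies.
func signedBytes(version uint32, digest [32]byte) []byte {
	buf := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, digest[:]...)
}
// SignImage runs in the vendor's build pipeline; the private key never leaves it.
func SignImage(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	d := sha256.Sum256(image)
	return Manifest{Version: version, Digest: d, Sig: ed25519.Sign(priv, signedBytes(version, d))}
}
// VerifyUpdate runs on the device before flashing; pub is the vendor key provisioned in it.
func VerifyUpdate(pub ed25519.PublicKey, current uint32, m Manifest, image []byte) error {
	if !ed25519.Verify(pub, signedBytes(m.Version, m.Digest), m.Sig) {
		return errors.New("manifest signature invalid: not from the trusted vendor")
	}
	if d := sha256.Sum256(image); !bytes.Equal(d[:], m.Digest[:]) {
		return errors.New("image digest mismatch: image altered in transit")
	}
	if m.Version <= current {
		return errors.New("rollback refused: version is not newer than the installed one")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	image := []byte("constructed sample firmware image v2") // constructed, not a real image
	m := SignImage(priv, 2, image)
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0xff
	fmt.Println(VerifyUpdate(pub, 1, m, image), VerifyUpdate(pub, 1, m, tampered), VerifyUpdate(pub, 2, m, image))
}
```

The three calls in main show a genuine update accepted, an image altered in transit rejected, and a re-delivery of the already-installed version rejected as a rollback.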
In the increasingly dynamic and complex worlds of Information Technology and Cybersecurity, firmware will continue to play a valuable role in ensuring both fields keep pace with the changing times. This reality, coupled with the exponential growth of XIoT, will force IT Security and Risk Management Teams to scrutinize their device firmware and constantly verify that their firmware is equipped with state-of-the-art features. An XIoT device is only as secure as its firmware.
------------------------------------------
Written By: Brad LaPorte, republished here with the Author's permission.
Brad LaPorte is a former top-rated Gartner Research Analyst for cybersecurity and Threat Intelligence, veteran US Cyber Intelligence, and product leader at Dell, IBM, as well as at several startups. Brad is currently a Strategic Advisor for NetRise and Advisor at Lionfish Tech Advisors, actively helping cybersecurity and tech companies grow their go-to-market strategies.
Cover art: pixabay with modifications.