Malicious Software (Malware) and Viruses on Firmware?

Just when we thought viruses and malware were only a problem for operating systems, think again… Malicious software can also be found in firmware, the small software that controls various electronic devices, both inside and outside the computing world.

We can only enumerate some of the electronic devices that may use firmware. Among these are: calculators, printers, TFT monitors, digital cameras, mobile phones, and musical instruments such as electronic keyboards, electronic drum pads or synthesizers. Of course, your CMOS (those things you see while your computer is booting up), your external hard disks, and your LAN and WLAN routers also use firmware. Your favorite MP3 player also uses firmware. Your car’s computer chip also uses firmware.

Recently, IT security experts have found traces of such tiny malicious software embedded within the CMOS, whose purpose is to destroy equipment as well as to steal information. Most of this firmware contains “logic bombs”, which are timed to go off noticeably or unnoticeably at a specific time. The payloads range from a simple hardware failure to destruction of the attached devices or, if the firmware is within your computer’s CMOS, file deletions or even network intrusions.

Now, once malicious firmware has been inserted into electronic components, it can be almost impossible to detect. Because it is in the hardware, the malware will remain in place even when all the software has been upgraded or replaced. The circuits in which the malware would be hidden are microscopically small and enormously complex. What’s more, as with malicious software, it is possible to look directly at malicious firmware and not see anything wrong with it.

Cleverly written malware will perform the kinds of operations that the system or the equipment is routinely supposed to perform. It will just perform those operations at exactly the wrong time, for example, running a payroll process every week, or placing an electronic order with a supplier every day.

What can be done to avoid this problem now? Nothing. The one thing we can do is check whether your equipment manufacturer enforces strict standards for installing firmware on its equipment prior to assembly. If you are in doubt about a manufacturer, do not buy the product. Please note that there is no anti-virus solution that can detect this malware, because it is embedded within the circuitry of each device. If an anti-virus provider says they can provide protection and a solution, do not listen to them. They are bluffing. Imagine putting an anti-virus program in your car’s computer system…

Since the scope of the problem is so broad, solving it in our current situation may seem impossible at this time.

Now the good news… Logic bombs may only work once, but that’s also the case for real bombs. No one complains about their lack of repeatability, but to what effect?

It’s hard to tell if this is a realistic and growing threat that government, corporate agencies, the private sector and individual consumers should worry about, or whether it’s one of those late-night worries about risks with catastrophic consequences but no real chance of happening – like being struck by lightning while waiting for a ride home.

It is one more thing to worry about, though, and one more reason to make sure you have internal security systems designed to detect malicious activity – not just malware signatures – so they can identify and shut down attacks whose source you cannot yet identify.
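To make the idea of detecting activity rather than signatures concrete, here is an added example (not part of the original post) that flags routine operations, such as the payroll and supplier-order cases mentioned earlier, when they run off schedule. The log format, device names, operation names and minimum gaps are all constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy (not from the article): shortest legitimate gap between runs.
MIN_GAP = {
    "payroll_run": timedelta(days=27),    # expected about monthly
    "supplier_order": timedelta(days=6),  # expected about weekly
}

# Constructed sample log: "<ISO timestamp> <device> <operation>"
SAMPLE_LOG = """\
2024-01-31T02:00:00 erp-01 payroll_run
2024-02-29T02:00:00 erp-01 payroll_run
2024-03-07T02:00:00 erp-01 payroll_run
2024-03-14T02:00:00 erp-01 payroll_run
2024-03-04T09:00:00 pos-07 supplier_order
2024-03-11T09:00:00 pos-07 supplier_order
2024-03-12T09:00:00 pos-07 supplier_order
2024-03-12T10:00:00 pos-07 firmware_selfcheck
this line is malformed and is skipped
"""

def parse(log_text):
    """Return (timestamp, device, operation) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        try:
            ts, device, op = line.split()
            events.append((datetime.fromisoformat(ts), device, op))
        except ValueError:  # wrong field count or unparseable timestamp
            continue
    return sorted(events)

def find_off_schedule(log_text, min_gap=MIN_GAP):
    """Flag known operations that repeat too soon, and unknown operations."""
    last_run, alerts = {}, []
    for ts, device, op in parse(log_text):
        if op not in min_gap:
            alerts.append((ts.isoformat(), device, op, "no baseline"))
            continue
        prev = last_run.get((device, op))
        if prev is not None and ts - prev < min_gap[op]:
            alerts.append((ts.isoformat(), device, op,
                           f"ran {(ts - prev).days}d after previous run"))
        last_run[(device, op)] = ts
    return alerts

if __name__ == "__main__":
    for alert in find_off_schedule(SAMPLE_LOG):
        print(*alert)
```

No signature is involved: every flagged operation is one the equipment is supposed to perform, and only its timing gives it away.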

It’s just a little disturbing to hear that even if you build a rock-solid defense against malware entering from all those other points, an RFID chip or print-toner-monitoring component could seed your network with malware that gives someone else a porthole through which to watch you work.

No reason to panic, though…
