Three steps to save ourselves from firmware attacks

Following on the news that the (likely NSA-affiliated) Equation Group has developed a suite of firmware attacks that target the software embedded in your hard-drive and other subcomponents, it's time to expand the practice of information security to the realm of embedded software.

Of course, for that to happen, manufacturers will have to stop deliberately obfuscating their firmware and start putting up their code for audit, then signing and checking the code when devices run.

Although this is a daunting problem, it is solvable. To avert this disaster there are three things that must happen right away:

1. Firmware must be properly audited. Hardware manufacturers need to hire security professionals to audit their firmware and publish the results. Preferably, hardware companies should hire full time security staff to make sure that their code is audited before it ever gets installed. Hardware manufacturers could also release the source code for their device's firmware, allowing independent security researchers and laypersons to review the code as well—and perhaps even improve it. People have a right to inspect the code that is running on their computers.

Firmware updates must be signed. Firmware updates should be signed by the manufacturers so that we can be sure we are installing trusted code when we upgrade our firmware. Additionally, manufacturers should ensure that there is an easy mechanism for the average user to check the signature and upgrade their firmware. Ideally users would not have to rely on the broken certificate authority system to verify these signatures.

We need a mechanism for verifying the integrity of installed firmware. Of course, even if we have signed updates to firmware, some piece of malware could reprogram the firmware already on the device and have a good long life, before it eventually gets updated (if ever). Because of this, we need a way to verify the code on our hardware devices at boot time or run time in a way that can't be subverted by malicious firmware already on the device. 2

None of these things are inherently difficult from a technological standpoint. The hard problems to overcome will be inertia, complacency, politics, incentives, and costs on the part of the hardware companies.

We have given up control of our computing. We are trusting too many different devices—devices we have no reason to trust given that they could be compromised without our knowledge. The time has come to take back control of our computing devices and our security. We must put pressure on hardware companies to ensure that their products are trustworthy, even (and especially) after they leave the factory floor. We must act now to ensure a future where the foundation of computing is secure.

Are Your Devices Hardwired For Betrayal?
[Cooper Quintin/EFF]

(Image: Xbox-Motherboard-Rev1, Evan-Amos, Public Domain)