BIOS and UEFI firmware attacks

Attacks can come from anywhere. You will see viruses, ransomware, spyware, worms, Trojans and many more on the internet daily. Some of them are more harmful than others, but there are general ways to get rid of them on your computer: you can erase the operating system and reinstall it, or you can reformat your hard drive. As time goes on, attacks are becoming more sophisticated. They are harder to detect and harder to analyze, which makes them harder to deal with. Fortunately, there are still ways to handle these threats. However, one kind of attack has always been lurking in the shadows, something that has been around for a long time yet many people are unaware of: BIOS and UEFI attacks. These attacks are not new; they have simply been overlooked by many cyber security experts.

BIOS (basic input/output system) and UEFI (Unified Extensible Firmware Interface) are used to boot up the device, along with other tasks such as managing data flow between the computer's operating system and attached devices like the hard disk, video adapter, keyboard, mouse and printer. BIOS is usually found in older computers, while UEFI is found in newer devices because it was designed to be BIOS's replacement. Both live on a chip on the motherboard. The code on this chip is called firmware because the chip simply holds programs, which is why you might hear BIOS and UEFI referred to as firmware. For hackers, this means they can install malware into the firmware. Such malware can bypass the security of the machine because it activates as the machine boots up, so it runs without the user or the security software noticing it.

Hackers will use something called a rootkit to infect the firmware. A rootkit is software that gains access to a computer without the owner knowing it. The root account is the super user on Linux; on Windows it is called administrator. Rootkits take over the root account and use those privileges to hide themselves from the user. They can be downloaded onto the computer by accident or placed on the user's computer without their knowledge. Once running, a rootkit can change system settings, download files, gain access to devices on the computer and much more. Rootkits that live in the BIOS or UEFI are especially good at staying undetected, and once they have gained access to the BIOS or UEFI they are hard to get rid of. This means the malware can survive even if you reformat your hard drive.

Over the years, cyber security experts have glossed over the BIOS and UEFI because they were not seen as a threat area worth checking. However, after the events of Meltdown and Spectre, parts of a computer that were not considered a threat began to be seen as one. Meltdown and Spectre were attacks against the processors in computers, which had not been thought of as a security risk. The same trend extends to BIOS and UEFI firmware. Therefore, we are seeing more experts dive into these components because attackers are targeting them. The results of these attacks can be devastating. Since they hide well and are rarely discovered by regular users, they can stay on a computer for a long time, continually collecting data such as credit card numbers, social security numbers and medical records. They can also be responsible for companies losing potentially millions of dollars.

So, what can we do to protect ourselves against these types of attacks? You can practice safe habits when you are on the internet: do not download anything from an untrusted source, do not open unexpected emails from unknown people, do not visit risky websites and do not give out personal information. Be careful with insecure Wi-Fi connections, since attackers could be waiting on the network and use something called Nmap to scan your computer for vulnerabilities. Also, the manufacturer of the firmware should already have security software installed on it to protect it. I know it sounds bleak that there are not many solutions for this problem, but if you practice safe habits on the internet, this type of malware should not end up on your computer.
