Dangers of Firmware as a Mini-OS
Posted by Mario Vuksan on Wed, Jul 23, 2008
As security is moving into hardware, network cards, hard drive firmware and motherboards, are starting to look more and more like mini-Operating Systems. This is all the opposite direction to where the TransMeta promise would have taken us.
But from the security perspective, it appears that the security infrastructure that we have been building so far will be useless as well. This is something that is already happening with Virtualized Environments as people are expecting new tools and new technologies to be developed.
We can expect hardware components to be owned, participate in distributed attacks and permanently shut our ability to easily recover already at the hardware level.
How often would you be patching your firmware embedded web browser?
More software complexity will expose more bugs, more vulnerabilities, and will bring in more third party code to erstwhile monolithic code bases. It will be interesting to watch firmware updates performing automatic over the web updates. I wonder how will it inform the user of the impeding system reboot request? Let's assume for the moment that the time of trivial protections against random firmware flashing, and PDOS attacks are over.
Intel's Centrino Active Management, built a web server into your motherboard, allowing you to quite easily override the behavior of your hardware, firewall rules, etc., even when the machine is powered off. This is all quite alarming on the Cryptography mailing list. Ivan Krstic, one of the most influential security minds according to eWeek, has been quite severe in his keynote address at the FIRST 2008 conference in Vancouver. Obviously, all the rage is over advanced "features" that are now accessible to anyone even when the machine is powered off. I bet Ivan hasn't read Eric Filiol's piece from July's edition of VirusBulletin that talks about accessing RAM when the machine is powered off. Yes indeed, data continues to persist. Let's welcome a new set of spy movies.
From the Application Whitelisting perspective, this is a worthy opportunity, since who will not want to have the firmware image locked down? You just want the trusted components and their updates to reside in the hard to reach depths of your hardware. But to get there, we need to start promoting some basic standards and procedures. For example, this still seems to be quite relevant. For purpose built operating systems, firmware images and appliances, a control harness that limits the built-in OS to do only what it should, has to be a priority from the security aspect.