Firmware is Foundational to Security
To understand the foundational nature of firmware, it is first necessary to understand what firmware is and how its protection affects the overall security of a hardware endpoint.
Firmware is software, named as such because it is permanent (firm) and functions to control each hardware element in the endpoint. Figure 1 shows firmware’s place in an endpoint’s tech stack. Commonly exemplified by BIOS in old PCs, firmware is the software that boots up first, telling the CPU how to load the operating system (OS) and other applications, as well as other functions.
Without firmware, the endpoint would not be able to operate and would be nothing more than an expensive paperweight.
Given firmware’s critical position as the software that controls every component of an endpoint, it is not surprising that hackers target firmware with great intensity. By compromising a device’s firmware, a malicious actor can gain complete control of a machine. Firmware makes this possible because it coordinates the hardware and software while also running as a precursor to the OS and applications.
An attacker that hijacks device firmware can easily eavesdrop, destroy or exfiltrate data, and even render an endpoint inoperable.
The current industry focus on Zero Trust (ZT) should also encompass firmware, though many Zero Trust models and solutions do not. This is a mistake, as firmware is the root of trust for any endpoint. Since it is the first software loaded, compromised firmware can become an undetectable backdoor—an invisible gateway for implanting a rootkit to hijack the OS or network communications. From a ZT perspective, endpoint hardware should not trust firmware by default. Any serious discussions around ZT must include processes that regularly re-verify the firmware root of trust.
Company
Partners
Market Segments
Firmware Expertise
Products + Solutions
Services + Support
Legal
Corporate Headquarters
2105 S. Bascom Avenue, Suite 316
Campbell, CA 95008.3295
Toll Free:
Tel:
Copyright © 2024 Phoenix Technologies Inc. All rights reserved | Privacy Policy | Terms of Use | Cookie Policy | Trademarks