The Firmware Risk

The recent flap over whether Chinese intelligence agencies placed spy chips on motherboards built by SuperMicro is a good reminder of the risks we face from hardware. The allegation against SuperMicro concerns a physical implant. Skeptics point out that it is quite difficult to place a spy chip on a board and know, with any confidence, that the board will ship to an espionage target. Firmware, by contrast, needs no one to touch the board: it is largely invisible to the software running above it, and it arguably represents an even more insidious hardware-borne threat.

I spoke with Ambuj Kumar, CEO of Fortanix, about his perceptions of the firmware risk. In Kumar’s view, firmware is a critical entry point for malicious actors. “Wherever you see software, you need to realize that the code is really a slave to a more powerful entity, the firmware,” he said.

Ambuj Kumar, CEO of Fortanix

He cited the example of an app running on Linux. “I think I can achieve security for the app by patching Linux,” he shared. “But I’m not really achieving as much security as I think. There is a lot of firmware powering Linux through many chips on the motherboard of the server. They typically come from multiple manufacturers. Each is running its own embedded operating system with its own firmware. If that firmware is compromised, then all bets are off. The firmware is more critical to security than the Linux operating system.”

The nature of the industry is partly to blame for this level of firmware risk, Kumar believes. From his perspective, there are thousands of people whose job is to make sure that platforms like Linux and Windows stay secure. Even then, there are vulnerabilities, but at least there are mechanisms in place to detect and remediate them. Firmware is a “dark horse,” as Kumar put it. “We have little idea what’s in it. There’s a lot of it, and few best practices. Even if you find a vulnerability in the firmware, it’s not always clear how to fix it or whom to contact about the issue.”
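A first step toward having some idea of “what’s in it” is to inventory the firmware a Linux server actually exposes and to check it against a baseline recorded when the machine was built. The script below is an added example written for this page, not Fortanix code and not a tool the article describes; it reads the SMBIOS/DMI strings the kernel exports under `/sys/class/dmi/id` (a directory argument lets the same functions run against a constructed copy for testing), lists further device firmware through `fwupdmgr` where that tool happens to be installed, and compares the BIOS vendor and version to an expected pair. The baseline values are placeholders you would replace with your own.

```shell
#!/bin/sh
# Added example: inventory platform firmware visible from Linux userland and
# compare the BIOS identity to a build-time baseline. Not the article's code.

# dmi_field DIR NAME: print one SMBIOS/DMI string exported by the kernel,
# e.g. DIR=/sys/class/dmi/id NAME=bios_version. Prints "unknown" if absent,
# so the inventory still completes on VMs or boards that omit a field.
dmi_field() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo unknown
    fi
}

# firmware_inventory [DIR]: summarise the board, vendor and BIOS identity.
# DIR defaults to the real sysfs location; pass a directory of constructed
# files to exercise the logic offline.
firmware_inventory() {
    dir="${1:-/sys/class/dmi/id}"
    for f in sys_vendor product_name board_vendor board_name \
             bios_vendor bios_version bios_date; do
        printf '%-16s %s\n' "$f" "$(dmi_field "$dir" "$f")"
    done
    # fwupd, where installed, also reports firmware on NICs, SSDs, BMCs and
    # other devices that SMBIOS says nothing about.
    if command -v fwupdmgr >/dev/null 2>&1; then
        fwupdmgr get-devices 2>/dev/null
    fi
}

# bios_matches_baseline DIR VENDOR VERSION: return 0 when the reported BIOS
# vendor and version equal the baseline, 1 otherwise. Suitable for a
# compliance check or a boot-time alert.
bios_matches_baseline() {
    [ "$(dmi_field "$1" bios_vendor)" = "$2" ] &&
    [ "$(dmi_field "$1" bios_version)" = "$3" ]
}

# Stand-alone use: print the inventory, then check against placeholder
# baseline values (assumptions; substitute the ones recorded for your fleet).
if [ "${0##*/}" = "firmware_check.sh" ]; then
    firmware_inventory
    if bios_matches_baseline /sys/class/dmi/id "Example Vendor" "1.2.3"; then
        echo "BIOS matches baseline"
    else
        echo "BIOS differs from baseline" >&2
        exit 1
    fi
fi
```

The caveat a practitioner should keep in mind: every string this script prints is supplied by the firmware itself. A compromised BIOS can report whatever version it likes, so a version match is evidence of drift or of a missed update, not proof of integrity. Establishing that the firmware is what you think it is requires a measurement the firmware cannot forge, such as TPM PCR values recorded by measured boot and compared against golden values off the host.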

For now, firmware attacks remain far harder to pull off than ordinary software exploits. However, Kumar pointed out that attackers are being pushed toward firmware. “We’re starting to beat back software-based exploits in the same way that medicine started to defeat infectious disease a hundred years ago. Firmware starts to look appealing as an attack surface even if it’s more challenging to penetrate.”

The Fortanix approach to mitigating firmware risk is to encrypt data at runtime, so that the data is never exposed in plaintext to the operating system or to anything beneath it. This does not solve the problem of systemic takeover by compromised firmware: an attacker who owns the platform can still disrupt or tamper with what the system does. It does, however, make stealing the data far harder. Even if the hacker gets root control, he or she sees only ciphertext and is blind to the data itself.