What you should know about firmware viruses:-
By Leslie Meredith, Tech Matters | Aug 8, 2015
Firmware viruses are among the most dangerous to your computer, whether you
have a Windows PC or a Mac. They’re hard to detect and even harder to remove.
A test worm built to attack Macs was unveiled at this week’s Black Hat
security conference in Las Vegas, showing that when it comes to firmware, both
operating systems are vulnerable.
Understand that this is a laboratory virus created by researchers to show
manufacturers how their machines could be at risk of attack. By sharing the
research, it is hoped that manufacturers and software developers will fix the
identified weak points. In this particular case, Thunderstrike 2 was shown to
let a firmware attack spread automatically from one Mac to another without a
network connection. It is the first experimental virus of its kind.
However, there’s no magic here. While the malware doesn’t use a network
connection, it must be transferred from one computer to another via a
peripheral device. And more importantly, the original infection enters a
computer in the typical way — by the user clicking on a malicious link in a
phishing email. Once a computer is infected, the virus waits until it detects a
peripheral device, copies itself to the device in seconds, and so the spread
begins. In the test case, an infected Apple Ethernet adapter was used. The
researchers have alerted Apple to their findings and the company is working on
patches to eliminate the vulnerabilities.
Firmware is present in most computerized devices. It is a type of software
embedded in a piece of hardware. Manufacturers use firmware updates to add new
features to devices. The problem stems from the fact that firmware is outside
the machine’s operating system, which means it’s outside the reach of most
antivirus programs. An infection can be nearly impossible for the typical
computer user to remedy. Even wiping your computer won’t eliminate malware in
firmware. When you do a clean install, you’re replacing your operating system,
but the firmware remains. The only way to get rid of a firmware virus is to
reprogram or replace the chip that contains the firmware.
“For most users that’s really a throw-your-machine-away kind of situation,”
Xeno Kovah, one of the researchers who designed the worm, said in an interview
with Wired. “Most people and organizations don’t have the wherewithal to
physically open up their machine and electrically reprogram the chip.”
Firmware is also particularly vulnerable to attack because most hardware
makers, for PCs and Macs alike, use much of the same firmware code, and
it’s often left unencrypted. While computer manufacturers could implement
protections, doing so would require a substantial investment. But this type of
malware is also very expensive to create and therefore quite rare. Still,
it’s worth taking steps to protect your computer.
One way to reduce your risk is to buy peripherals like Ethernet adapters and
SSD cards only from reputable manufacturers. Don’t use USB drives from an
unknown source, even those you pick up at a conference, where they are often
handed out like candy. Don’t allow someone else to use any of these small
devices on your computer.
Don’t let your computer out of your sight while traveling. Security firm
Kaspersky has noted state-sponsored attacks at airports and border crossings,
dubbing such malicious stunts “evil maid” attacks. A traveler’s computer is
removed for inspection and a peripheral device is used to infect it. Unless
you’re a spy or traveling in very risky countries, I wouldn’t worry too much
about this one.
But a very real and common pitfall is the phishing email. If you receive an
email that contains links or attachments, don’t click or open them unless you
are confident of the source. Likewise, avoid visiting unknown websites, which
can contain malicious code that is transferred to your computer simply by
opening the page, known as a drive-by attack. Always use secure and unique
passwords for your accounts. Keep your computer up-to-date and remove any
software that you don’t use to reduce possible entry points for malware.
Leslie Meredith has been writing about and reviewing personal technology for
the past six years. She has designed and manages several international
websites. As a mom of four, value, usefulness and online safety take priority.
Ref:-
https://www.standard.net/news/business/2015/aug/08/what-you-should-know-about-firmware-viruses/