Take Action to Stop Rising Firmware Attacks

Take Action to Stop Rising Firmware Attacks

Take Action to Stop Rising Firmware Attacks

Microsoft is ringing the warning bell on firmware attacks.

Its survey of 1000 cybersecurity leaders across industries in North America, Europe, and Asia finds that while 80% of firms have been hit by at least one firmware attack in the past two years, only 29% of security budgets are designated to defend against such threats. 

What is Firmware? 


So, what exactly is a firmware attack? To answer this, let’s explore what firmware is. To keep it brief, firmware is permanent software code installed on a small chip on a piece of hardware. Just about any modern technology has firmware. Here are some examples of devices with firmware:

  • Mobile phones
  • Digital cameras
  • Smartwatches
  • Computers
  • Traffic lights
  • Appliances
  • Optical drives
  • Routers
  • Scanners
  • Washing machines
  • And more

Firmware is vital because it carries a set of instructions for the hardware. Companies release firmware updates for their hardware to address compatibility issues, finetune programming, or offer updates. For example, if you own a video game console like a PlayStation, you probably update the firmware quite regularly to fix issues or unlock features. 

So, What is a Firmware Attack? 

Firmware attacks are sneaky attacks that target your machine’s firmware through malicious software. They’re sneaky because they bypass basic anti-malware security software by compromising a device before it can boot up. Let’s look at some more reasons why a firmware attack is dangerous:

  • Firmware malware is hard to remove because the malicious code sits below the operating system. Formatting and reinstalling the software is no guarantee of remediation. 
  • Corrupted firmware can stop a device from functioning, and only the manufacturer may be able to bring a device bricked by firmware back to life. 
  • A firmware attack can give a threat actor deep and remote access to a machine. 

Imagine a Firmware Attack on a Car

Cars are becoming increasingly smarter. In the not-too-distant future, self-driving vehicles may be commonplace. Even now, cars get firmware updates for performance, navigation, audio, etc. Theoretically, a firmware attack on cars could be chaotic. 

Just recently, a Belgian security researcher found an inexpensive way to hack a Tesla within minutes by exploiting a flaw in the firmware update process of Tesla Model X key fobs. This attack was the researcher's third successful Tesla hack in three years.

How to Stop Firmware Attacks


Unfortunately, there’s no guaranteed way to stop firmware attacks, and the onus is on the manufacturers to plug flaws and keep firmware secure. However, the following tips help.

  1. Update your firmware to the latest version to patch any flaws that firmware hacks may exploit. 
  2. Use a top virus checker regularly on your computers that applies behavior detection technology to stop evolving malware.
  3. Strengthen WiFi security with a strong password and the highest security protocol.
  4. Enhance network security with a firewall and a reputable VPN service.
  5. Don’t use unsecured public WiFi connections and other untrustworthy networks, as they may be a threat vector for firmware attacks.
  6. Avoid using untrusted peripherals like USB drives that may carry malware. 

It’s also a good idea to make backups of your firmware. In the event of a firmware attack, you may be able to salvage your hardware by restoring data.

Share this article

Leave your comments

Post comment as a guest

terms and condition.
  • No comments found

Share this article

Matthew Rosenquist 

Cybersecurity Expert

Matthew Rosenquist is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. A public advocate for best-practices, and communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best-practices to the market, developing security products, and improving corporate security services. 

Cookies user prefences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Read more
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics