Infected Firmware Threat Emerges

By Greg McNevin

March 5, 2008: According to SecureTest, a security penetration consultancy, the UK government and FTSE 100 networks are under threat from malicious firmware imported from China and other eastern countries.

SecureTest claims that, unlike the traditional malware we are used to fending off, machine-level hardware such as the chipsets used in routers, switches and other computer devices is rarely tested and may already have enabled back doors to be established in communications systems across the country.

Routers and switches require machine-level software (known as firmware) to run, and the company says it would not be difficult for an insider to deploy malware into the firmware of a range of devices during the manufacturing process.

“Firmware could be altered to allow it to have data running over communications equipment to another company, or to allow a backdoor to be created for devices that are accessible from unauthorised sources,” says SecureTest, adding that there are currently few ways to test and spot malware on machine-level components, and that there is a reliance on often unmonitored foreign production processes.

Unlike traditional malware, this firmware threat is more insidious as it bypasses the operating system layer altogether. Anti-virus or malware scanners are unable to detect it as they do not have the functionality to scan to this depth.

According to SecureTest, evidence casting doubt on foreign IT production processes came to light over the Christmas period, when online shoppers purchased IT peripherals such as USB sticks, MP3 players and digital photo frames infected with malware.

It says millions of home PCs could have been infected, and given that these consumer products are being infected at the point of manufacture, it believes it is likely that corporate PCs and network components may also have been compromised.

The company is calling for robust Quality Assurance processes and penalties for non-compliance to be put in place, as even the most security-aware organisations do not routinely screen new infrastructure devices.

“Organisations should change their security policies and procedures immediately. This is a very real loophole that needs closing,” says SecureTest Managing Director Ken Munro.

“The [UK] Government needs to act fast. Would they buy a missile from China, then deploy it untested into a Western missile silo and expect it to function when directed at the Far East? That’s essentially what they’re doing by installing network infrastructure produced in the Far East, such as switches and routers, untested into government and corporate networks.”
