From Lattice: "New NIST Standard Tackles Latest Attack Vector for Servers"

Dec 1, 2018

There is an emerging, though not yet widely known, attack vector for compromising a server: its firmware. Last month, researchers at ESET published a report on LoJax, a UEFI rootkit believed to have been developed by Sednit, the cyberespionage group linked to Russian military intelligence. LoJax targets UEFI, the firmware specification that defines how a platform's firmware initializes the hardware and hands control to the operating system, and it plants a malicious UEFI module in the SPI flash chip that holds the platform firmware. Once installed, it is nearly impossible for antivirus software running in the operating system to detect, and it remains active even after a clean reinstallation of the operating system or replacement of the hard drive.

In a 2016 survey conducted by ISACA, over half of the respondents who described hardware security as a priority for their organization "reported at least one incident of malware-infected firmware being introduced into a company system," and 17 percent "revealed that the incident had a material impact."

Firmware is the bootable code that a server component (e.g. a CPU, a network controller or a RAID-on-chip controller) executes immediately after it is powered on. Typically the component's processor assumes the firmware is a valid starting point: it boots from it and uses it to verify and load higher-level software in stages, depending on the server's configuration. In some cases the component relies on its firmware for required functions throughout its entire operating life.

Because systems ship with firmware already installed, they are exposed to attack at every point in the supply chain: at the manufacturing site, while in transit, or during system integration, bug-fix or feature-update work. Because malware embedded in firmware is hard to detect once the system has booted from it, it tends to persist through operating system updates and upgrades. Fortunately, the industry is responding to the challenge of securing firmware. Earlier this year, the National Institute of Standards and Technology (NIST) released NIST SP 800-193, Platform Firmware Resiliency Guidelines, which define a uniform set of firmware security requirements known as Platform Firmware Resilience (PFR). PFR is meant to cover all firmware in a computer, not just the host BIOS. The guidelines are built on three principles:

  • Protecting firmware from unauthorized modification while the system is operational
  • Detecting corrupted or compromised firmware stored in SPI flash before it is executed
  • Recovering from compromised firmware by restoring a known-good image
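The following Python sketch is an added example (not code from Lattice, NIST or ESET) that models the protect / detect / recover loop the three principles describe, for the boot flow outlined above. It assumes a single SPI flash with active, recovery and staging regions guarded by a root of trust, and it authenticates firmware manifests with an HMAC key held inside the root of trust, which stands in for the asymmetric signature verification a real root-of-trust device performs. The names (Manifest, SpiFlash, RootOfTrust, scenario) and the image contents are constructed for illustration.

```python
# Toy model of the protect / detect / recover loop NIST SP 800-193 asks of a
# platform root of trust (RoT). Added example; not Lattice or NIST code.
# Assumed: one SPI flash (active/recovery/staging) and an HMAC key inside the
# RoT standing in for the signature check a real RoT performs.
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Manifest:
    """Digest of one firmware image plus an authentication tag over it."""
    digest: bytes
    tag: bytes


def make_manifest(key: bytes, image: bytes) -> Manifest:
    """Vendor side: authenticate an image (stand-in for signing it)."""
    digest = hashlib.sha256(image).digest()
    return Manifest(digest, hmac.new(key, digest, "sha256").digest())


@dataclass
class SpiFlash:
    """Flash regions as the RoT sees them; contents are constructed."""
    active: bytes
    recovery: bytes
    staging: bytes = b""
    active_manifest: Optional[Manifest] = None
    recovery_manifest: Optional[Manifest] = None
    write_protected: bool = True

    def host_write(self, data: bytes) -> bool:
        """Write issued by the host CPU; refused while the RoT asserts WP."""
        if self.write_protected:
            return False
        self.active = data
        return True


class RootOfTrust:
    def __init__(self, manifest_key: bytes, flash: SpiFlash):
        self._key = manifest_key  # never leaves the RoT
        self.flash = flash
        self.events: List[str] = []

    def _image_ok(self, image: bytes, m: Optional[Manifest]) -> bool:
        """Detect: manifest must authenticate and the image must match it."""
        if m is None:
            return False
        expected = hmac.new(self._key, m.digest, "sha256").digest()
        digest = hashlib.sha256(image).digest()
        return (hmac.compare_digest(expected, m.tag)
                and hmac.compare_digest(digest, m.digest))

    def apply_update(self, m: Manifest) -> bool:
        """Protect: the only path that writes active flash verifies first."""
        if not self._image_ok(self.flash.staging, m):
            self.events.append("rejected update: image/manifest mismatch")
            return False
        self.flash.active, self.flash.active_manifest = self.flash.staging, m
        return True

    def boot(self) -> str:
        """Power-on: verify active, else recover, else fail closed."""
        f = self.flash
        if self._image_ok(f.active, f.active_manifest):
            return "boot-active"
        self.events.append("active image failed verification")
        if self._image_ok(f.recovery, f.recovery_manifest):
            f.active, f.active_manifest = f.recovery, f.recovery_manifest
            self.events.append("restored active from recovery")
            return "boot-recovered"
        self.events.append("recovery image bad too: host held in reset")
        return "halted"


def scenario() -> Dict[str, object]:
    """Walk the flows behind the three principles; returns each outcome."""
    key = b"constructed-manifest-key"
    good = b"BIOS v1.0 (constructed image)"
    flash = SpiFlash(active=good, recovery=good,
                     active_manifest=make_manifest(key, good),
                     recovery_manifest=make_manifest(key, good))
    rot = RootOfTrust(key, flash)
    out: Dict[str, object] = {"clean": rot.boot()}
    # Protect: an OS-level implant trying to write flash through the host
    out["host_write"] = flash.host_write(b"implant")
    # Detect + recover: chip reprogrammed directly (supply chain, physical)
    flash.active = good.replace(b"v1.0", b"v1.0+implant")
    out["implanted"] = rot.boot()
    out["after_recovery"] = rot.boot()
    # Update path: manifest for another image is refused, matching one passes
    flash.staging = b"BIOS v1.1 (constructed image)"
    out["bad_update"] = rot.apply_update(make_manifest(key, b"other image"))
    out["good_update"] = rot.apply_update(make_manifest(key, flash.staging))
    # Both copies corrupted: fail closed rather than run unverified code
    flash.active = flash.recovery = b"corrupted"
    out["both_bad"] = rot.boot()
    return out
```

Running scenario() exercises all three principles: a host-side write to flash is refused (protect), an image altered behind the root of trust fails measurement and is replaced from the recovery copy (detect and recover), an update whose manifest does not match the staged image is rejected, and when both copies fail verification the device halts rather than booting unverified code. A real root-of-trust device holds the host in reset until verification passes and verifies a signature with a public key, so that no symmetric secret has to live inside it.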

NIST SP 800-193 stipulates that Platform Firmware Resiliency (PFR) be anchored in hardware, in a compliant root-of-trust device. An approach based on a root-of-trust FPGA makes a NIST-compliant PFR implementation simple and robust, and the same mechanism can be applied to all firmware in a server system rather than to the host BIOS alone.
