Most users are oblivious to the threat of firmware attacks. When hackers successfully attack firmware, the entire system is under attack.
.ednasia.com, Dec. 27, 2022 –
When a computer or embedded device is powered on at the start of a day, what boots first? The device's firmware. Firmware is the foundation for system security in embedded devices, from common household items like a smart refrigerator to industrial control systems powering major infrastructure.
With firmware being critical to device operations, it means a successful attack on firmware is no run-of-the-mill security threat. When someone hacks firmware, they have gained access at a point where no virus scanner or OS tool can detect or remediate the damage. When hackers successfully attack firmware, they gain a strong foothold on the entire system.
Most users – whether individuals or enterprises – are oblivious to the threat. Microsoft's March 2021 Security Signals report found a staggering 80% of enterprises suffered at least one firmware attack in the previous two years. In the report, business leaders noted they find it difficult to detect threats, and firmware vulnerabilities are exacerbated by a lack of awareness. Data from the National Vulnerability Database (NVD) also shows an explosion of firmware vulnerabilities over the past 20 years.
While an increased focus on firmware research and development has helped uncover this spike in threats, they aren't just minimal risks. These security threats are as serious as they are numerous, with NVD data indicating most issues uncovered are at critical or high severity.