PC Firmware’s Attractiveness to Attackers:
Successful firmware exploits give attackers what they crave most: persistence and privilege.
By the very nature of their nefarious objectives, cyberattackers target systems, and layers within systems, that are exploitable and that give them leverage in the form of persistence and privilege. PC firmware has both of these attractive attributes:
- Exploitable. Firmware functions below the OS and is established before endpoint security software loads, so endpoint security software can only make inferences about whether firmware has been compromised. Lacking a direct line-of-sight mechanism to detect firmware compromises as the PC is powered on, or to certify the firmware’s integrity once loaded, the PC is exploitable.
- Leverage. Because firmware resides in nonvolatile memory rather than on the PC’s hard drive, corrupted firmware cannot be removed by erasing the drive and is therefore persistent: it is present each time the PC powers up. And because firmware is a foundational system layer, corrupted firmware affords attackers the highest privilege level to orchestrate attack plans, including modifying security settings and applications to the attacker’s benefit.