I just fail to understand how a firmware can b eprone to malware attack. A "forware" is a kind of code which cannot be modified unlike the code that runs in some kind of RAM and is prone to be replaced or modified by the malware.
So unless , at some point in the supply chain if unauthorised firmware enters into the product as a counterfeit part, then only such attack is possible, in my opinion
@t.alex: there are a number of techniques to discover malware that has been put into firmware by testing before sending out the products. The three main categories are:
1) anamoly-based detection. In this approach, the malware detection program learns what normal behavior of a system looks like and compares it on an ongoing basis--sounding the alarm when the behavior is deemed abnormal. The downside of this approach is a high number of false alarms.
2) Specification-based detection. Basically this compares a set of rules about what the program or application is supposed to do and compares it to what it is doing.
3) Signature-based detection. This uses known malware signatures to try to identify malware (this is familar to anyone with a basic anti-malware on a PC).
Malware gets increasigly sophisticated--and so detection techniques have to keep up. it isn't an easy game to win.
Yes, verification processes do exist. But the main point I was trying to make is that the firmware code is an easy target for the bad guys who are learning about these security holes. It also does look like firmware needs to move to open source, despite the inevitable effects on the business model. But if open source will not work, what is the alternative?
"Firmware in embedded systems should thus be completely open-source, and OEMs should be able to fix it easily if a vulnerability is discovered. This, of course, means chip suppliers will have to invest more engineering dollars in fixing their firmware."
Bruce, I don't how far it's possible. Moreover, the entire business model has to be reworked inorder to make the codes open source
EBN Dialogue enables you to participate in live chats with notable leaders and luminaries. Open to the entire EBN community of electronics supply chain experts, these conversations see ideas shared, comments made, and questions asked and answered in real time. Listed below are upcoming and archived chats. Stay tuned and join in!