Firmware
In
. For a relatively simple device, firmware may perform all control, monitoring and data manipulation functionality. For a more complex device, firmware may provide relatively low-level control as well as hardware abstraction services to higher-level software such as an operating system.Firmware is found in a wide-range of computing devices including
Firmware is stored in non-volatile memory – either read-only memory (ROM) or programmable memory such as EPROM, EEPROM, or flash. Changing a device's firmware stored in ROM requires physically replacing the memory chip – although some chips are not designed to be removed after manufacture. Programmable firmware memory can be reprogrammed via a procedure sometimes called flashing.[1]
Common reasons for
History and etymology
Ascher Opler used the term firmware in a 1967 Datamation article, as an intermediary term between "hardware" and "software".[2] In this article, Opler was referring to a new kind of computer program that had a different practical and psychological purpose from traditional programs from the user's perspective.
As computers began to increase in complexity, it became clear that various programs needed to first be initiated and run to provide a consistent environment necessary for running more complex programs at the user's discretion. This required programming the computer to run those programs automatically. Furthermore, as companies, universities, and marketers wanted to sell computers to laypeople with little technical knowledge, greater automation became necessary to allow a lay-user to easily run programs for practical purposes. This gave rise to a kind of software that a user would not consciously run, and it led to software that a lay user wouldn't even know about.[3]
Originally, it meant the contents of a writable
Applications
Computers
In some respects, the various firmware components are as important as the operating system in a working computer. However, unlike most modern operating systems, firmware rarely has a well-evolved automatic mechanism of updating itself to fix any functionality issues detected after shipping the unit.
A computer's firmware may be manually updated by a user via a small utility program. In contrast, firmware in mass storage devices (hard-disk drives, optical disc drives, flash memory storage e.g. solid state drive) is less frequently updated, even when flash memory (rather than ROM, EEPROM) storage is used for the firmware.
Most computer peripherals are themselves special-purpose computers. Devices such as printers, scanners, webcams, and USB flash drives have internally-stored firmware; some devices may also permit field upgrading of their firmware.
Examples of computer firmware include:
- The BIOS firmware used on PCs
- The , and many newer PCs
- Hard disk drive, solid-state drive or optical disc drive firmware
- Video BIOS of a graphics card
- Open Firmware, used in SPARC-based computers from Sun Microsystems and Oracle Corporation, PowerPC-based computers from Apple, and computers from Genesi
- ARCS, used in computers from Silicon Graphics
- Plug and Play auto-configuration of peripherals, kernel, etc.)
- The Common Firmware Environment (CFE) for Broadcom systems-on-chip (SoCs)
Home and personal-use products
Consumer appliances like
Automobiles
Since 1996, most
Other examples
Other firmware applications include:
- In home and personal-use products:
- Timing and control systems for washing machines
- Controlling sound and video attributes, as well as the channel list, in modern televisions
- In :
- LibreCMC – a 100% free software router distribution based on the Linux-libre kernel
- IPFire – an open-source firewall/router distribution based on the Linux kernel
- fli4l – an open-source firewall/router distribution based on the Linux kernel
- OpenWrt – an open-source firewall/router distribution based on the Linux kernel
- m0n0wall – an embedded firewall distribution of FreeBSD
- Proprietary firmware
- In NAS systems:
- NAS4Free– an open-source NAS operating system based on FreeBSD
- Openfiler – an open-source NAS operating system based on the Linux kernel
- Proprietary firmware
- Field-Programmable Gate Array(FPGA) code may be referred to as firmware
Flashing
Flashing[4] involves the overwriting of existing firmware or data, contained in EEPROM or flash memory module present in an electronic device, with new data.[4] This can be done to upgrade a device[5] or to change the provider of a service associated with the function of the device, such as changing from one mobile phone service provider to another or installing a new operating system. If firmware is upgradable, it is often done via a program from the provider, and will often allow the old firmware to be saved before upgrading so it can be reverted to if the process fails, or if the newer version performs worse. Free software replacements for vendor flashing tools have been developed, such as Flashrom.
Firmware hacking
Sometimes, third parties develop an unofficial new or modified ("aftermarket") version of firmware to provide new features or to unlock hidden functionality; this is referred to as
Firmware hacks usually take advantage of the firmware update facility on many devices to install or run themselves. Some, however, must resort to
Most firmware hacks are free software.
HDD firmware hacks
The Moscow-based Kaspersky Lab discovered that a group of developers it refers to as the "Equation Group" has developed hard disk drive firmware modifications for various drive models, containing a trojan horse that allows data to be stored on the drive in locations that will not be erased even if the drive is formatted or wiped.[6] Although the Kaspersky Lab report did not explicitly claim that this group is part of the United States National Security Agency (NSA), evidence obtained from the code of various Equation Group software suggests that they are part of the NSA.[7][8]
Researchers from the Kaspersky Lab categorized the undertakings by Equation Group as the most advanced hacking operation ever uncovered, also documenting around 500 infections caused by the Equation Group in at least 42 countries.
Security risks
Custom firmware hacks have also focused on injecting
See also
- Bootloader
- Computer hardware
- Coreboot
- Custom firmware
- Microcode
- Proprietary device driver
- Real-time operating system
- ROM image
References
- ^ "What is firmware?". 23 January 2013.
- ^ Opler, Ascher (January 1967). "Fourth-Generation Software". Datamation. 13 (1): 22–24.
- ^ "Introduction to Computer Applications and Concepts. Module 3: System Software". Lumen.
- ^ a b "Flashing Firmware". Tech-Faq.com. Archived from the original on September 27, 2011. Retrieved July 8, 2011.
- ^ "HTC Developer Center". HTC. Archived from the original on April 26, 2011. Retrieved July 8, 2011.
- ^ "Equation Group: The Crown Creator of Cyber-Espionage". Kaspersky Lab. February 16, 2015. Archived from the original on December 2, 2015.
- ^ Dan Goodin (February 2015). "How "omnipotent" hackers tied to NSA hid for 14 years—and were found at last". Ars Technica. Archived from the original on 2016-04-24.
- ^ "Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware". Daily Kos. February 17, 2015. Archived from the original on February 25, 2015.
- ^ "Shuttleworth Calls for Declarative Firmware". Linux Magazine. No. 162. May 2014. p. 9.
- ^ Shuttleworth, Mark (March 17, 2014). "ACPI, firmware and your security". Archived from the original on March 15, 2015.
- ^ "MalCon 2010 Technical Briefings". Malcon.org. Archived from the original on 2011-07-04.
- ^ "Hacker plants back door in Symbian firmware". H-online.com. 2010-12-08. Archived from the original on 21 May 2013. Retrieved 2013-06-14.
- ^ "Why the Security of USB Is Fundamentally Broken". Wired.com. 2014-07-31. Archived from the original on 2014-08-03. Retrieved 2014-08-04.
- ^ "BadUSB - On Accessories that Turn Evil". BlackHat.com. Archived from the original on 2014-08-08. Retrieved 2014-08-06.
- ^ Karsten Nohl; Sascha Krißler; Jakob Lell (2014-08-07). "BadUSB – On accessories that turn evil" (PDF). srlabs.de. Archived (PDF) from the original on 2016-10-19. Retrieved 2014-08-23.
- ^ "BadUSB Malware Released — Infect millions of USB Drives". The Hacking Post. Archived from the original on 6 October 2014. Retrieved 7 October 2014.
{{cite web}}
: CS1 maint: unfit URL (link) - ^ Greenberg, Andy. "The Unpatchable Malware That Infects USBs Is Now on the Loose". WIRED. Archived from the original on 7 October 2014. Retrieved 7 October 2014.