Firmware is a software program or set of instructions programmed on a hardware device. It provides the necessary instructions for how the device communicates with other computer hardware. Considering how ubiquitous firmware is, one would expect firmware security to be concerned seriously – sadly, that couldn’t be further from the truth.
Digital product aficionados are very keen on Root, and replacing the original system of their mobile phones with ROM developed by various third-party sources, but they often ignore the risks involved. Some third-party ROMs may be pre-populated with rogue software, quietly placing advertisements in the background or stealing private data.
This type of attack is similar to other remote attacks, but it can allow the device to sneak the data to the designated server without exploiting any vulnerability.
When it comes to firmware security, engineers tend to believe solutions like firmware data encryption, code confusion or code reinforcement could fix the problems resulted from Root. For example, an integrity-checking feature will be added to the code, and if the device fails in the integrity check, it will be rebooted.
However, the reboot logic is untenable if the check logic is deleted directly by hackers or security professionals. So, when the check logic fails to determine whether the code is the original one, how can we determine the security of firmware?
New approach to firmware security
Firmware is an often-overlooked component of devices that are highly vulnerable and increasingly attractive entry points for hackers. Hackers have targeted firmware as a place to embed malware and hide other malicious code that can ultimately compromise a system.
Under the current technical conditions, the integrity cannot be guaranteed by software alone, and a new approach to firmware security risk mitigation is needed. Hardware must be involved to truly solve the problem:
1. The code that starts securely is embedded inside the chip to prevent the startup process from being altered. After the device is started, the processor will immediately execute the code in read-only memory (called the Boot ROM). The Boot ROM code contains a public key to verify that the underlying Boot loader is signed, so as to determine whether or not it should be allowed to load. Every component in each step of the startup process should be encrypted and signed to ensure its integrity. And each step can continue only after the successful verification. A secure boot chain helps ensure that the underlying software is not tampered with.
2. The second defense mechanism is anti-degradation, which is an important concept in the firmware attack. If the device can be degraded, attackers will install early versions of the firmware once they have control of the devices, and use an unfixed bug in the old version to do the damage.
3. The third defense mechanism is the security in the OTA upgrade. The transmission of software update information on the device end should apply the HTTPS communication mechanism to ensure the data confidentiality and integrity of the firmware update package, and prevent data leakage and tampering with the firmware package.
In addition, device manufactures usually maintain debug ports (e.g. JTAG and UART) for the purpose of debugging in product design, program burning in production, and diagnosis testing. To prevent attackers from obtaining detailed information on implementations through these ports, it is necessary to take measures to turn off the debugging ports or add authentication on them.
Hikvision product security long-term support policy
As a globally leading IoT solution provider, Hikvision always focuses on improving our service regarding product security. We also provide a long-term support policy to quickly respond to cybersecurity issues, so that customers can use our products with confidence that they will be protected.
Our long-term support policy for product security includes response to security vulnerabilities, firmware updates, and provision of firmware with security certification. Among them, Hikvision provides continuously optimized firmware to prevent security vulnerabilities, ensuring trusted protection in the whole product lifecycle.
Please click here to know more details regarding the applicable products.
By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION Materials License Agreement. If you don’t agree to these terms, you may not download or use any of those materials.If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the Materials License Agreement above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).