Firmware hacking is in the news a lot this week. Snowden’s Reddit AMA talked about spy agencies and their use of firmware hacking to gain backdoor entry. Gemalto confirmed reports of NSA and GCHQ attempts to break into their systems and steal encryption keys back in 2010 – 2011. Most alarmingly, Kaspersky Lab found a piece of malicious coding in their software last week connected to the now infamous Stuxnet. It makes it clear that firmware is very vulnerable to attack, and that it could have some wide reaching implications.
Firmware hacking tools have become increasingly sophisticated over the years. Each new release and attack seems to be smoother, more effective, and harder to find. While the Gemalto attempt to steal encryption keys reportedly only reached the first level of their network, and got nowhere near the keys themselves, there have been years of evolution since.
But newer tools might not be the threat. Last week, Kaspersky Lab claimed to have found, over the last year, many components making up a massive network of complex malware, including a worm that has a direct connection to Stuxnet.
What was shocking was not that there had been a breach and spying had been conducted. It is that the initial launch of the malware could go all the way back to 1996, and definitely go back to 2001. With each passing year, it became more sophisticated and advanced, giving access to infected computers for what could have been almost two decades.
Where did this malicious code come from? Kaspersky Lab is not saying either way. But considering the reach, complexity, and length of infection and use, it isn’t hard to figure out. The NSA is almost certainly involved, especially as it contains some of the hallmarks of Regin, the system created for Britain’s GCHQ to spy on members of the E.U.
In addition to that connection, a code name was referenced in the keylogging reports: GROK. That keylogger’s name was also found in memos leaked by Snowden, and it seems to indicate either a single person or a team working within the agency.
So, what does this have to do with the average Joe? It comes down to one fact: firmware is ridiculously vulnerable. That vulnerability creates an open pathway into your computer and other devices, all of which are full of firmware. The NSA has shown itself eager, again and again, to gain information on all citizens.
In short, we could already be infected.
Source: SecureList