Tuesday, December 17, 2019

Firmware backdoors?

So, anyway, recently our colleagues at Eset published a paper showing that a number of manufacturers shipped firmware modules with the string "AsusBackDoor" as part of the module filename.

Armed with that very helpful name, we found some samples pretty quickly, and while the name is a bit alarming, the module appears to be a legitimate function for resetting lost firmware (BIOS) passwords, so all is fine and well there.

This, however, led us to wonder how many other modules with similar functionality exist without the helpful name, and guess what? There are quite a few. We have identified at least five manufacturers shipping similar modules.

Again, they are probably all legit, but it does make one wonder.

We did find one sample with the word "infected" in it, but that _seems_ to be an experiment by someone who is perhaps a hobbyist.
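The hunt described above comes down to walking every firmware volume in an image, pulling the UI name out of each FFS file, and flagging names that look like the "AsusBackDoor" and "infected" hits. The script below is an added example, not code from the post or from Eset: it is a minimal parser for uncompressed UEFI firmware volumes (FV header, FFS file headers, top-level sections) plus a keyword heuristic. The GUIDs, module names and the keyword list are constructed for the demo; real images usually carry the DXE volume inside an LZMA-compressed section, so in practice you would unpack with UEFIExtract first and run this over the result. A name match is only a lead, exactly as the post says: the flagged module still has to be disassembled to decide whether it is a legitimate password-reset helper or something worse.

```python
"""Walk a UEFI image, list FFS modules by UI name, flag suspicious names.
Added example; handles uncompressed volumes and top-level sections only."""
import re
import struct
import uuid

FV_SIGNATURE = b"_FVH"                      # at offset 40 of the FV header
FFS_ATTRIB_LARGE_FILE = 0x01
EFI_FV_FILETYPE_DRIVER = 0x07
EFI_SECTION_PE32 = 0x10
EFI_SECTION_USER_INTERFACE = 0x15           # UCS-2 module name

# Constructed heuristic modelled on the names in the post; tune to taste.
SUSPICIOUS = re.compile(r"backdoor|infected|unlock|bypass|pass(word)?reset", re.I)


def _u24(buf, off):
    return buf[off] | (buf[off + 1] << 8) | (buf[off + 2] << 16)


def _align(value, boundary):
    return (value + boundary - 1) & ~(boundary - 1)


def iter_sections(body):
    """Yield (type, payload) for each top-level section of an FFS file body."""
    pos = 0
    while pos + 4 <= len(body):
        size, stype, hdr = _u24(body, pos), body[pos + 3], 4
        if size == 0xFFFFFF:                    # EFI_COMMON_SECTION_HEADER2
            size, = struct.unpack_from("<I", body, pos + 4)
            hdr = 8
        if size < hdr or pos + size > len(body):
            break
        yield stype, body[pos + hdr:pos + size]
        pos = _align(pos + size, 4)             # sections are 4-byte aligned


def iter_ffs_files(fv):
    """Yield (guid, type, body) for each FFS file in one firmware volume."""
    hdr_len, = struct.unpack_from("<H", fv, 48)
    pos = _align(hdr_len, 8)                    # files are 8-byte aligned
    while pos + 24 <= len(fv):
        raw_guid = fv[pos:pos + 16]
        if raw_guid in (b"\xff" * 16, b"\x00" * 16):   # erased free space
            break
        ftype, attrs = fv[pos + 18], fv[pos + 19]
        size, hdr = _u24(fv, pos + 20), 24
        if attrs & FFS_ATTRIB_LARGE_FILE:       # 64-bit size follows header
            size, = struct.unpack_from("<Q", fv, pos + 24)
            hdr = 32
        if size < hdr or pos + size > len(fv):
            break
        yield uuid.UUID(bytes_le=raw_guid), ftype, fv[pos + hdr:pos + size]
        pos = _align(pos + size, 8)


def iter_fvs(image):
    """Yield every firmware volume located by its '_FVH' signature."""
    idx = image.find(FV_SIGNATURE)
    while idx != -1:
        start = idx - 40
        if start >= 0:
            fv_len, = struct.unpack_from("<Q", image, start + 32)
            if 64 <= fv_len <= len(image) - start:
                yield image[start:start + fv_len]
        idx = image.find(FV_SIGNATURE, idx + 4)


def ui_name(body):
    for stype, payload in iter_sections(body):
        if stype == EFI_SECTION_USER_INTERFACE:
            return payload.decode("utf-16-le", "replace").split("\x00", 1)[0]
    return None


def scan_image(image):
    """Return [(guid, name, flagged)] for every FFS file that carries a UI name."""
    results = []
    for fv in iter_fvs(image):
        for guid, _ftype, body in iter_ffs_files(fv):
            name = ui_name(body)
            if name is not None:
                results.append((str(guid), name, bool(SUSPICIOUS.search(name))))
    return results


# ---- builders for a constructed demo image (checksums left zero) ----------
def _section(stype, payload):
    size = 4 + len(payload)
    return bytes([size & 0xFF, (size >> 8) & 0xFF, (size >> 16) & 0xFF, stype]) + payload


def _ffs_file(guid, ftype, sections):
    body = b""
    for sec in sections:
        body += b"\x00" * (_align(len(body), 4) - len(body)) + sec
    size = 24 + len(body)
    return (guid.bytes_le + struct.pack("<HBB", 0, ftype, 0)
            + bytes([size & 0xFF, (size >> 8) & 0xFF, (size >> 16) & 0xFF, 0xF8]) + body)


def build_sample_fv(files):
    hdr_len, body = 64, b""                     # 56-byte header + empty block map
    for f in files:
        body += b"\xff" * (_align(len(body), 8) - len(body)) + f
    hdr = (b"\x00" * 16 + uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3").bytes_le
           + struct.pack("<Q4sIHHHBB", hdr_len + len(body), FV_SIGNATURE, 0, hdr_len, 0, 0, 0, 2)
           + struct.pack("<II", 0, 0))
    return hdr + body


def sample_image():
    """Constructed image: two ordinary-looking drivers and one oddly named one."""
    def driver(guid, name):
        return _ffs_file(uuid.UUID(guid), EFI_FV_FILETYPE_DRIVER, [
            _section(EFI_SECTION_PE32, b"MZ" + b"\x00" * 30),      # stand-in PE32
            _section(EFI_SECTION_USER_INTERFACE, name.encode("utf-16-le") + b"\x00\x00")])
    fv = build_sample_fv([driver("11111111-1111-4111-8111-111111111111", "UsbKeyboardDxe"),
                          driver("22222222-2222-4222-8222-222222222222", "PasswordResetDxe"),
                          driver("33333333-3333-4333-8333-333333333333", "SomeVendorBackDoor")])
    return b"\xff" * 0x100 + fv + b"\xff" * 0x100


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_image()
    for guid, name, flagged in scan_image(data):
        print(("!! " if flagged else "   ") + guid + "  " + name)
```

Run it with a dumped SPI image as the argument, or with no argument to scan the constructed sample; the two flagged entries are the kind of lead worth pulling into a disassembler, and the keyword list is deliberately short so that it can be extended with vendor-specific strings as they turn up.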

The Marines (I think) came up with the idea of getting Left of Bang. ("Bang" roughly refers to an incident such as an IED exploding. Right of Bang means responding after the event; Left of Bang means preventing the Bang in the first place, which is clearly the desired position.)

All corporates, government bodies and utilities need to start auditing their firmware before the Bang.

If you would like some help, please let us know. You can contact us at roger AT armor.ai

Security and functionality have always traded off against each other, and modern firmware (UEFI) is immensely functional.

We will continue to look for similar backdoor functionality. Stay tuned.