Are your favorite tech devices hardwired for betrayal? That’s the question being asked by the non-profit Electronic Frontier Foundation (EFF). The group’s latest blog entry notes that hackers have begun conducting firmware-based malware attacks – attacks that most tech devices are helpless to stop.
Most of the modern tech devices in your home, from printers to routers to smart home appliances, have tiny computers built in to them. These simple computers all run their own simple software programs called firmware that tells their device how to do its job. Many of us don’t even know that firmware exists, because it’s all designed to be hidden away for convenience’s sake.
Unfortunately, though, the bad guys know all about firmware and are exploiting its inherent security weaknesses. Last week, we learned that hackers are targeting home routers with default security settings via phishing emails, tricking victims into downloading firmware-based malware. Once installed, the infected router redirects online banking sessions to spoof websites and silently relays login credentials back to the crooks. Anti-virus software can’t detect the attack, and it’s difficult to know if you’ve been hacked even after the fact because router firmware is so well hidden away.
The EFF is calling for hardware manufacturers to adopt a series of best practices from proper firmware audits to offering a mechanism for verifying the integrity of installed firmware. They’re great suggestions, but it could take a while for industry to embrace them. In the meantime, saying safe from firmware-based malware is largely in your own hands.
There’s no failsafe method for staying safe, but there are a few things you can do to reduce the likelihood of becoming a victim. First, be sure to change the default login information on any device that connects to the Internet, such as routers, Wi-Fi cameras and home automation devices. Always download and install firmware updates when a manufacturer makes them available. And be careful about clicking links that arrive in your email inbox.
For more information about firmware-based malware attacks, check out the full blog entry over at the Electronic Frontier Foundation blog. For more information about security in general, check out our computer safety and support roundup page right here on Techlicious.
[Malware on circuit board via Shutterstock]
