Jump to content

Firmware

From Wikipedia, the free encyclopedia
Firmware is commonly stored in anEEPROM,which makes use of an I/O protocol such asSPI.

Incomputing,firmwareissoftwarethat provideslow-levelcontrol ofcomputing devicehardware. For a relatively simple device, firmware may perform all control, monitoring and data manipulation functionality. For a more complex device, firmware may provide relatively low-level control as well ashardware abstractionservicesto higher-level software such as anoperating system.

Firmware is found in a wide-range of computing devices includingpersonal computers,phones,home appliances,vehicles,computer peripheralsand in many of thedigital chipsinside each of these larger systems.

Firmware is stored innon-volatile memory– eitherread-only memory(ROM) or programmable memory such asEPROM,EEPROM,orflash.Changing a device's firmware stored in ROM requires physically replacing the memory chip – although some chips are not designed to be removed after manufacture. Programmable firmware memory can be reprogrammed via a procedure sometimes called flashing.[1]

Common reasons forchangingfirmware include fi xingbugsand addingfeatures.

History and etymology[edit]

Ascher Opler used the termfirmwarein a 1967Datamationarticle, as an intermediary term between "hardware" and "software". Opler projected that fourth-generation computer systems would have awritable control store(a small specialized high-speed memory) into whichmicrocodefirmware would be loaded. Many software functions would be moved to microcode, andinstruction setscould be customized, with different firmware loaded for different instruction sets.[2]

As computers began to increase in complexity, it became clear that various programs needed to first be initiated and run to provide a consistent environment necessary for running more complex programs at the user's discretion. This required programming the computer to run those programs automatically. Furthermore, as companies, universities, and marketers wanted to sell computers to laypeople with little technical knowledge, greater automation became necessary to allow a lay-user to easily run programs for practical purposes. This gave rise to a kind of software that a user would not consciously run, and it led to software that a lay user wouldn't even know about.[3]

As originally used, firmware contrasted with hardware (the CPU itself) and software (normal instructions executing on a CPU). It was not composed of CPU machine instructions, but of lower-level microcode involved in the implementation of machine instructions. It existed on the boundary between hardware and software; thus the namefirmware.Over time, popular usage extended the wordfirmwareto denote any computer program that is tightly linked to hardware, includingBIOSon PCs,boot firmwareon smartphones,computer peripherals,or the control systems on simpleconsumer electronic devicessuch asmicrowave ovens,remote controls.

Applications[edit]

Computers[edit]

ROMBIOSfirmware on aBaby ATmotherboard

In some respects, the various firmware components are as important as theoperating systemin a working computer. However, unlike most modern operating systems, firmware rarely has a well-evolved automatic mechanism of updating itself to fix any functionality issues detected after shipping the unit.

A computer's firmware may be manually updated by a user via a small utility program. In contrast, firmware in mass storage devices (hard-disk drives, optical disc drives, flash memory storage e.g. solid state drive) is less frequently updated, even when flash memory (rather than ROM, EEPROM) storage is used for the firmware.

Most computer peripherals are themselves special-purpose computers. Devices such as printers, scanners, webcams, andUSB flash driveshave internally-stored firmware; some devices may also permit field upgrading of their firmware.

Examples of computer firmware include:

Updating the firmware of aFuji Instaxcamera

Home and personal-use products[edit]

Consumer appliances likegaming consoles,digital camerasandportable music playerssupport firmware upgrades. Some companies use firmware updates to add new playable file formats (codecs). Other features that may change with firmware updates include the GUI or even the battery life.Smartphoneshave afirmware over the airupgrade capability for adding new features and patching security issues.

Automobiles[edit]

Since 1996, mostautomobileshave employed an on-board computer and various sensors to detect mechanical problems. As of 2010,modern vehicles also employ computer-controlledanti-lock braking systems(ABS) and computer-operatedtransmission control units(TCUs). The driver can also get in-dash information while driving in this manner, such as real-time fuel economy and tire pressure readings. Local dealers can update most vehicle firmware.

Other examples[edit]

Other firmware applications include:

Flashing[edit]

Flashing[5]involves the overwriting of existing firmware or data, contained inEEPROMorflash memorymodule present in an electronic device, with new data.[5]This can be done to upgrade a device[6]or to change the provider of a service associated with the function of the device, such as changing from one mobile phone service provider to another or installing a new operating system. If firmware is upgradable, it is often done via a program from the provider, and will often allow the old firmware to be saved before upgrading so it can be reverted to if the process fails, or if the newer version performs worse. Free software replacements for vendor flashing tools have been developed, such asFlashrom.

Firmware hacking[edit]

Main article:Custom firmware

Sometimes, third parties develop an unofficial new or modified ( "aftermarket" ) version of firmware to provide new features or to unlock hidden functionality; this is referred to ascustom firmware.An example isRockboxas a firmware replacement forportable media players.There are manyhomebrewprojects for various devices, which often unlock general-purpose computing functionality in previously limited devices (e.g., runningDoomoniPods).

Firmware hacks usually take advantage of the firmware update facility on many devices to install or run themselves. Some, however, must resort toexploitsto run, because the manufacturer has attempted to lock the hardware to stop it from runningunlicensed code.

Most firmware hacks arefree software.

HDD firmware hacks[edit]

The Moscow-basedKaspersky Labdiscovered that a group of developers it refers to as the "Equation Group"has developedhard disk drivefirmware modifications for various drive models, containing atrojan horsethat allows data to be stored on the drive in locations that will not be erased even if the drive is formatted or wiped.[7]Although the Kaspersky Lab report did not explicitly claim that this group is part of the United StatesNational Security Agency(NSA), evidence obtained from the code of various Equation Group software suggests that they are part of the NSA.[8][9]

Researchers from the Kaspersky Lab categorized the undertakings by Equation Group as the most advanced hacking operation ever uncovered, also documenting around 500 infections caused by the Equation Group in at least 42 countries.

Security risks[edit]

Mark Shuttleworth,the founder of the companyCanonical,which created theUbuntu Linuxdistribution, has describedproprietaryfirmware as a security risk, saying that "firmware on your device is theNSA's best friend "and calling firmware" a trojan horse of monumental proportions ". He has asserted that low-quality,closed sourcefirmware is a major threat to system security:[10]"Your biggest mistake is to assume that the NSA is the only institution abusing this position of trust – in fact, it's reasonable to assume that all firmware is a cesspool of insecurity, courtesy of incompetence of the highest degree from manufacturers, and competence of the highest degree from a very wide range of such agencies". As a potential solution to this problem, he has called for declarative firmware, which would describe "hardware linkage and dependencies" and "should not includeexecutable code".[11]Firmware should beopen-sourceso that the code can be checked and verified.

Custom firmware hacks have also focused on injectingmalwareinto devices such as smartphones orUSB devices.One such smartphone injection was demonstrated on theSymbian OSatMalCon,[12][13]ahacker convention.A USB device firmware hack calledBadUSBwas presented at theBlack Hat USA 2014conference,[14]demonstrating how aUSB flash drivemicrocontroller can be reprogrammed to spoof various other device types to take control of a computer, exfiltrate data, or spy on the user.[15][16]Other security researchers have worked further on how to exploit the principles behind BadUSB,[17]releasing at the same time the source code of hacking tools that can be used to modify the behavior of different USB devices.[18]

See also[edit]

References[edit]

  1. ^"What is firmware?".23 January 2013.
  2. ^ Opler, Ascher (January 1967)."Fourth-Generation Software".Datamation.13(1): 22–24.
  3. ^"Introduction to Computer Applications and Concepts. Module 3: System Software".Lumen.
  4. ^Mielewczik, Michael (2000). "Firmware-Update. Mehr Speed und Sicherheit".PC Praxis(in German). 1/2000: 68.
  5. ^ab"Flashing Firmware".Tech-Faq.Archivedfrom the original on September 27, 2011.RetrievedJuly 8,2011.
  6. ^"HTC Developer Center".HTC.Archived fromthe originalon April 26, 2011.RetrievedJuly 8,2011.
  7. ^"Equation Group: The Crown Creator of Cyber-Espionage".Kaspersky Lab.February 16, 2015.Archivedfrom the original on December 2, 2015.
  8. ^Dan Goodin (February 2015)."How" omnipotent "hackers tied to NSA hid for 14 years—and were found at last".Ars Technica.Archivedfrom the original on 2016-04-24.
  9. ^"Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware".Daily Kos.February 17, 2015.Archivedfrom the original on February 25, 2015.
  10. ^"Shuttleworth Calls for Declarative Firmware".Linux Magazine.No. 162. May 2014. p. 9.
  11. ^Shuttleworth, Mark(March 17, 2014)."ACPI, firmware and your security".Archivedfrom the original on March 15, 2015.
  12. ^"MalCon 2010 Technical Briefings".Malcon.org.Archived fromthe originalon 2011-07-04.
  13. ^"Hacker plants back door in Symbian firmware".H-online.2010-12-08. Archived fromthe originalon 21 May 2013.Retrieved2013-06-14.
  14. ^"Why the Security of USB Is Fundamentally Broken".Wired.2014-07-31.Archivedfrom the original on 2014-08-03.Retrieved2014-08-04.
  15. ^"BadUSB - On Accessories that Turn Evil".BlackHat.Archivedfrom the original on 2014-08-08.Retrieved2014-08-06.
  16. ^Karsten Nohl; Sascha Krißler; Jakob Lell (2014-08-07)."BadUSB – On accessories that turn evil"(PDF).srlabs.de.Archived(PDF)from the original on 2016-10-19.Retrieved2014-08-23.
  17. ^"BadUSB Malware Released — Infect millions of USB Drives".The Hacking Post.Archived from the original on 6 October 2014.Retrieved7 October2014.{{cite web}}:CS1 maint: unfit URL (link)
  18. ^Greenberg, Andy."The Unpatchable Malware That Infects USBs Is Now on the Loose".WIRED.Archivedfrom the original on 7 October 2014.Retrieved7 October2014.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Firmware&oldid=1235071515"