Firmware is held in non-volatile memory devices such as ROM, EPROM, or flash memory.
Changing the firmware of a device may rarely or never be done during its economic lifetime;
some firmware memory devices are permanently installed and cannot be changed after
manufacture. Common reasons for updating firmware include fixing bugs or adding features
to the device. This may require ROM integrated circuits to be physically replaced, or flash
memory to be reprogrammed through a special procedure. Firmware such as the ROM
BIOS of a personal computer may contain only elementary basic functions of a device and
may only provide services to higher-level software. Firmware such as the program of an
embedded system may be the only program that will run on the system and provide all of its
functions.
Before integrated circuits, other firmware devices included a discrete semiconductor diode
matrix. The Apollo guidance computer had firmware consisting of a specially manufactured
core memory plane, called "core rope memory," where data were stored by physically
threading wires through (1) or around (0) the core storing each data bit.
Still later, popular usage extended the word "firmware" to denote anything ROM-resident,
including processor machine-instructions for BIOS, bootstrap loaders, or specialized
applications.
Until the mid-1990s, updating firmware typically involved replacing a storage medium
containing firmware, usually a socketed ROM integrated circuit. Flash memory allows
firmware to be updated without physically removing an integrated circuit from the system.
An error during the update process may make the device non-functional, or "bricked."
Personal computers
In some respects, the various firmware components are as important as the operating
system in a working computer. However, unlike most modern operating systems, firmware
rarely has a well-evolved automatic mechanism of updating itself to fix any functionality
issues detected after shipping the unit.
The BIOS may be "manually" updated by a user, using a small utility program. In contrast,
firmware in storage devices (hard disks, DVD drives, flash storage) rarely gets updated,
even when flash (rather than ROM) storage is used for the firmware; there are no
standardized mechanisms for detecting or updating firmware versions.
Some low-cost peripherals no longer contain non-volatile memory for firmware, and instead
rely on the host system to transfer the device control program from a disk file or CD.
Consumer products
As of 2010 most portable music players support firmware upgrades. Some companies use
firmware updates to add new playable file formats (codecs); iriver added Vorbis playback
support this way, for instance. Other features that may change with firmware updates
include the GUI or even the battery life. Most mobile phones have a firmware over-the-air
(FOTA) upgrade capability for much the same reasons; some may even be upgraded to
enhance reception or sound quality, illustrating the fact that firmware is used at more than
one level in complex products (in a CPU-like microcontroller versus in a digital signal
processor, in this particular case).
Automobiles
Examples
Examples of firmware include:
In consumer products:
In NAS systems:
Firmware hacking
Sometimes, third parties create an unofficial new or modified ("aftermarket") version of
firmware to provide new features or to unlock hidden functionality; this is referred to as
custom firmware (also "Custom Firmware" in the video game console community). An
example is Rockbox as a firmware replacement for portable media players. There are many
homebrew projects for video game consoles, which often unlock general-purpose
computing functionality in previously limited devices (e.g., running Doom on iPods).
Firmware hacks usually take advantage of the firmware update facility on many devices to
install or run themselves. Some, however, must resort to exploits in order to run, because
the manufacturer has attempted to lock the hardware to stop it from running unlicensed
code.
Researchers from the Kaspersky Lab categorized the undertakings by Equation Group as
the most advanced hacking operation ever uncovered, also documenting around 500
infections caused by the Equation Group in at least 42 countries.
Security risks
Mark Shuttleworth, founder of the Ubuntu Linux distribution, has described proprietary
firmware as a security risk, saying that "firmware on your device is the NSA's best friend"
and calling firmware "a trojan horse of monumental proportions". He has pointed out that
low-quality, nonfree firmware is a major threat to system security: "Your biggest mistake is
to assume that the NSA is the only institution abusing this position of trust – in fact, it's
reasonable to assume that all firmware is a cesspool of insecurity, courtesy of
incompetence of the highest degree from manufacturers, and competence of the highest
degree from a very wide range of such agencies". As a solution to this problem, he has
called for declarative firmware, which would describe "hardware linkage and dependencies"
and "should not include executable code".
Custom firmware hacks have also focused on injecting malware into devices such as
smartphones or USB devices. One such smartphone injection was demonstrated on the
Symbian OS at MalCon, a hacker convention. A USB device firmware hack called BadUSB
was presented at the Black Hat USA 2014 conference, demonstrating how a
USB flash drive microcontroller can be reprogrammed to spoof various other device types in
order to take control of a computer, exfiltrate data, or spy on the user. Other security
researchers have worked further on how to exploit the principles behind BadUSB, releasing
at the same time the source code of hacking tools that can be used to modify the behavior
of different USB devices.
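A host-side check for the device-type spoofing described above, given here as an added example that is not part of the original article: it flags a USB device that re-enumerates with different interface classes, or that pairs mass storage with an input or network class. The event records, port paths, vendor/product IDs and serials are constructed sample data; the class codes are the standard USB-IF bInterfaceClass values.

```python
from dataclasses import dataclass

# Standard USB-IF base class codes (bInterfaceClass).
CDC, HID, MASS_STORAGE, WIRELESS = 0x02, 0x03, 0x08, 0xE0
# Classes that let a device type input or redirect traffic on the host.
RISKY = {HID, CDC, WIRELESS}


@dataclass(frozen=True)
class Enumeration:
    port: str            # physical port path reported by the host
    vid: int             # idVendor
    pid: int             # idProduct
    serial: str          # iSerialNumber string
    classes: frozenset   # bInterfaceClass of every interface exposed


def audit(events):
    """Return (port, kind, classes) findings for enumeration events in order.

    Heuristic only: legitimate composite devices exist, so findings are
    leads for review or for a port-control policy, not verdicts.
    """
    findings = []
    first_seen = {}  # (vid, pid, serial) -> classes at first enumeration
    for ev in events:
        key = (ev.vid, ev.pid, ev.serial)
        risky = tuple(sorted(ev.classes & RISKY))
        # A "flash drive" that also exposes a keyboard or network interface.
        if MASS_STORAGE in ev.classes and risky:
            findings.append((ev.port, "storage-composite", risky))
        # Same identity, different personality than when first plugged in.
        prev = first_seen.setdefault(key, ev.classes)
        if ev.classes != prev:
            added = tuple(sorted(ev.classes - prev))
            findings.append((ev.port, "class-change", added))
    return findings


# Constructed sample events (not captured from real hardware).
SAMPLE_EVENTS = [
    Enumeration("1-2", 0x1234, 0x0001, "CONSTRUCTED01", frozenset({MASS_STORAGE})),
    Enumeration("1-2", 0x1234, 0x0001, "CONSTRUCTED01", frozenset({HID})),
    Enumeration("1-3", 0x1234, 0x0002, "CONSTRUCTED02", frozenset({MASS_STORAGE, HID})),
    Enumeration("1-4", 0x1234, 0x0003, "CONSTRUCTED03", frozenset({HID})),
]

if __name__ == "__main__":
    for port, kind, classes in audit(SAMPLE_EVENTS):
        print(port, kind, [hex(c) for c in classes])
```

Because a reprogrammed controller can also report a different vendor ID, product ID or serial, tracking by physical port in addition to device identity closes the gap this sketch leaves open.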