Security is a multi-step process. There’s a chain of trust, with each link verified and authenticated by the one that comes before. But eventually, the chain stops somewhere. The pedal meets the metal.
Or, as the case may be, silicon.
Until recently, semiconductor security was more of a theoretical threat than a real one, but attacks on firmware have been increasing.
Earlier this year, the Department of Homeland Security warned that firmware “presents a large and ever-expanding attack surface.”
According to the agency, companies often overlook firmware security, making it one of the stealthiest methods to compromise devices at scale. When they get access to firmware, attackers can subvert operating systems and hypervisors, bypass most security systems, and persist in environments for long periods of time while conducting operations and doing damage.