Outdated firmware cyber security risks

By Peter Lambert | November 12, 2018

1811_firmware_cyber_i175235899_1200w

If most of your company’s computers are obsolete, they double or even triple your chances of experiencing a data breach. This emphasises how dangerous it is to have outdated applications, operating systems, and even web browsers. Failing to update your firmware could expose your business to major security threats.

"A cybersecurity professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password."

What is firmware?

Firmware is a basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, higher-level pieces of software can interact with it.

Why is firmware security important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of hundreds. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cybersecurity professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cybersecurity posture. Hard drives, motherboards, and even mice and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend having your IT provider to take care of it for you. Call into our support desk for advice today.

Talk to our security experts

Our Business Technology Managers are ready to engage our security team to proactively protect your organisation, give us a call on 1300 307 907 or contact us via the form below..

 

Contact us today

 

 Published with permission from TechAdvisory.org. Source.

TAGS: Managed IT Services, Technology Consulting, IT Security

About the Author
Peter Lambert

Presales Consultant, Carrier Solutions Specialist & Security Blogger @ Diamond IT - I have over 25 years of experience in Information & Communications. My range of skills is diverse and includes extensive experience in desktop solutions, server and network presales and administration, VOIP phone systems, journalism, creative writing, technical writing, digital videography and audio visual streaming. I hold a Certificate IV in Training and Assessment, and I am an experienced classroom trainer and course coordinator. I hold an Advanced Diploma in Network Security, a Diploma in Network Administration, and a Certificate IV in Networking. I am a Cisco Certified Network Associate (CCNA) and Microsoft Certified Solutions Associate (MCSA).