October 27, 2020 – Over the last few years cybersecurity has become one of the biggest challenges in computing, as the impact of cyber compromises has reached an all-time high. Although more effort than ever is going into suppressing cyberattacks, many of the cybersecurity solutions being deployed today are ineffective. In fact, they are moving in the wrong direction and failing to keep up with an increasingly sophisticated world of hacking.
By Rob Pike, Founder and CEO, Cyemptive Technologies
Although artificial intelligence (AI) and machine learning (ML) are being touted as the solution because they can attack the problem faster, the scale and frequency of cyber compromise have still worsened at an alarming rate over the last five years. The time an attacker needs to break into an environment and extract data from a network is measured in seconds and minutes, while detection is still measured in days, weeks, and even months after the compromise has occurred. At the same time, detection technologies produce such high rates of false positives and false negatives that progress on detecting and stopping the elite hackers of the world is declining, making them almost impossible to stop. Even less experienced hackers have gained traction in infiltrating networks and systems with the help of AI tools.
On top of all that, the industry has adopted new standards and directions for hardware design that we believe are significantly eroding network security. That design change, combined with the failure of cybersecurity solutions to protect against cyberattacks, is resulting in weaker security at the hardware level – so much so that hackers can potentially access your computer even when it is turned off.
The Problem with AI and Cybersecurity
The thinking goes that AI (along with machine learning) can operate faster and more efficiently than humans and other technologies to identify and detect hackers and their various forms of cyberattack.
The one big point that most people who talk about AI for cybersecurity do not explain is that, to the top cyber insiders of the world, AI stands for “Already Infiltrated.” AI is too little, too late.
The problem with artificial intelligence is that, although it can be faster and more efficient than other technologies, it still cannot keep up with the frequency and speed of today’s cyberattacks, which take place in seconds to minutes. Even with AI and ML, today’s cybersecurity solutions take days, weeks, or even months to detect an attack. By then the hackers are in and the damage has been done.
Changing Hardware Security Standards
At the same time, hardware providers are changing their security standards at the firmware level. Many are moving away from supporting legacy BIOS to supporting only UEFI. UEFI replaces the small, fixed-function BIOS with a full pre-boot environment: security features are layered onto the UEFI stack, and settings are controlled through UEFI variables and custom applications added to the UEFI application stack.
The idea behind UEFI is to give infrastructure more manageability. However, as with any new standard, new issues arise, and that is the case with the UEFI security approach.
Security Issues with the New Hardware Standards
With the UEFI approach to security, hackers have the potential to gain control of the hardware before the operating system boots. In some cases the firmware brings up a full network stack before any operating system is running, so no OS-level control is in place to see it. This design gives hackers access to the hardware at any time, even when it is powered off.
For example, at Cyemptive we see numerous worms and exploits from hackers on the UEFI application stack. In addition, the issues we encounter in operating systems’ web application stacks are now showing up in the UEFI layer, because similar application stacks are being loaded there. This in turn produces more exploits that weaken, not strengthen, the security model. What should be simple is turning into a complete mess.
As part of this, the UEFI security approach involves thousands of lines of code, all of it potentially exposed to hackers at the physical hardware layer of our systems. At Cyemptive, we regularly detect multiple attacks against our customers’ UEFI. While Cyemptive is able to detect these attacks and prevent them from entering customer systems, UEFI is a long way from securing systems properly and from deserving to be called a secure platform.
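A practitioner reading this will want a concrete way to see what the firmware is configured to run before the OS, and whether a pre-boot network path is enabled at all. The Python audit below is an added example, not Cyemptive code or code from this article. It takes UEFI variables in the layout Linux exposes under /sys/firmware/efi/efivars (a 4-byte attribute word followed by the variable data), decodes SecureBoot, SetupMode, BootOrder and the Boot#### load options with their device paths as laid out in the UEFI specification, and flags any entry whose device path contains a MAC, IPv4, IPv6 or URI node as a network boot path. The variable contents in SAMPLE_VARS are constructed sample data, not captured from a real machine; on a Linux host that booted via UEFI, load_efivars() reads the live variables instead.

```python
import os
import struct

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
LOAD_OPTION_ACTIVE = 0x1
# Messaging (type 3) device-path sub-types that indicate a network boot path.
NETWORK_SUBTYPES = {0x0B: "MAC", 0x0C: "IPv4", 0x0D: "IPv6", 0x18: "URI"}


def parse_device_path(blob):
    """Yield (type, subtype, payload) per node, stopping at the end node."""
    off = 0
    while off + 4 <= len(blob):
        ntype, subtype, length = struct.unpack_from("<BBH", blob, off)
        if length < 4 or off + length > len(blob):
            raise ValueError("malformed device-path node")
        yield ntype, subtype, blob[off + 4:off + length]
        if ntype == 0x7F and subtype == 0xFF:  # End Entire Device Path
            return
        off += length


def parse_load_option(data):
    """Decode an EFI_LOAD_OPTION (the data of a Boot#### variable)."""
    attrs, fplen = struct.unpack_from("<IH", data, 0)
    off = 6  # Description is NUL-terminated UCS-2: scan two bytes at a time
    while data[off:off + 2] != b"\x00\x00":
        off += 2
        if off + 2 > len(data):
            raise ValueError("unterminated description")
    nodes = list(parse_device_path(data[off + 2:off + 2 + fplen]))
    return {"description": data[6:off].decode("utf-16-le"),
            "active": bool(attrs & LOAD_OPTION_ACTIVE),
            "network": [NETWORK_SUBTYPES[s] for t, s, _ in nodes
                        if t == 3 and s in NETWORK_SUBTYPES]}


def audit(variables):
    """variables: {"Name-GUID": raw efivarfs bytes}. Returns a report dict."""
    def var(name):  # efivarfs prefixes the data with a 4-byte attribute word
        raw = variables.get(f"{name}-{EFI_GLOBAL_GUID}")
        return None if raw is None else raw[4:]

    sb, setup = var("SecureBoot"), var("SetupMode")
    order_raw = var("BootOrder") or b""
    entries = []
    for num in struct.unpack(f"<{len(order_raw) // 2}H", order_raw):
        data = var(f"Boot{num:04X}")
        if data is not None:
            entries.append(dict(parse_load_option(data), entry=f"Boot{num:04X}"))
    return {"secure_boot": bool(sb) and sb[0] == 1,
            "setup_mode": bool(setup) and setup[0] == 1,
            "boot_order": entries,
            # An active entry with a network node lets firmware fetch code before any OS runs.
            "network_boot_enabled": any(e["active"] and e["network"] for e in entries)}


def load_efivars(path="/sys/firmware/efi/efivars"):
    """Read the live variables on a Linux host that booted via UEFI."""
    return {n: open(os.path.join(path, n), "rb").read() for n in os.listdir(path)}


def _load_option(desc, nodes, active=True):
    """Build an EFI_LOAD_OPTION for the constructed sample below."""
    path = b"".join(struct.pack("<BBH", t, s, 4 + len(p)) + p for t, s, p in nodes)
    path += struct.pack("<BBH", 0x7F, 0xFF, 4)
    return (struct.pack("<IH", LOAD_OPTION_ACTIVE if active else 0, len(path))
            + desc.encode("utf-16-le") + b"\x00\x00" + path)


_ATTRS = struct.pack("<I", 0x7)  # NV + BS + RT attribute word
_FILE = "\\EFI\\Microsoft\\Boot\\bootmgfw.efi".encode("utf-16-le") + b"\x00\x00"
SAMPLE_VARS = {  # constructed sample data, not captured from a real machine
    f"SecureBoot-{EFI_GLOBAL_GUID}": _ATTRS + b"\x00",
    f"SetupMode-{EFI_GLOBAL_GUID}": _ATTRS + b"\x00",
    f"BootOrder-{EFI_GLOBAL_GUID}": _ATTRS + struct.pack("<3H", 1, 0, 2),
    f"Boot0000-{EFI_GLOBAL_GUID}": _ATTRS + _load_option(
        "Windows Boot Manager", [(4, 4, _FILE)]),
    f"Boot0001-{EFI_GLOBAL_GUID}": _ATTRS + _load_option(
        "UEFI PXEv4", [(3, 0x0B, bytes(33)), (3, 0x0C, bytes(27))]),
    f"Boot0002-{EFI_GLOBAL_GUID}": _ATTRS + _load_option(
        "UEFI HTTP IPv4", [(3, 0x0B, bytes(33)), (3, 0x0C, bytes(27)),
                           (3, 0x18, b"http://boot.example.invalid/boot.efi")],
        active=False),
}

if __name__ == "__main__":
    live = os.path.isdir("/sys/firmware/efi/efivars")
    report = audit(load_efivars() if live else SAMPLE_VARS)
    print("Secure Boot:", report["secure_boot"], "| Setup mode:", report["setup_mode"])
    for e in report["boot_order"]:
        print(e["entry"], "active" if e["active"] else "inactive", e["network"] or "local", e["description"])
    print("network boot enabled:", report["network_boot_enabled"])
```

In the constructed sample, Secure Boot is off and the first entry in BootOrder is an active PXE path, so the report flags network boot as enabled: exactly the situation the article warns about, where the firmware will fetch and run code over the network before any operating system is loaded. The inactive HTTP boot entry is listed but does not trip the flag, since the firmware will not try it. Run against live efivars, the same report tells you whether your own machines are in that state.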
Solutions
What is needed now is for hardware providers to step back and take a hard look at the UEFI security approach. At present, adding thousands of lines of code to firmware, which is what UEFI does, is giving hackers remote access to our laptops, workstations, and servers, even when they are turned off. Instead, hardware providers should consider moving back to a simpler model.
For years, legacy BIOS was the standard for hardware providers, and it is a standard worth considering a return to. Legacy BIOS has seen far fewer security problems than what is now showing up in current UEFI implementations. It also does not let hackers remotely hijack the system stack before an OS is running, the way UEFI does.
Conclusion
What the industry should do now is remove the thousands of lines of firmware code that presently give hackers remote access to the physical hardware layer of our systems. Relying on application stacks in the firmware is not the proper way to secure hardware. A different approach is needed, and sometimes simplest is best. Legacy BIOS offers stronger security than UEFI.
Although UEFI can offer companies more manageability in their infrastructure, letting hackers remotely hijack the UEFI stack before an operating system is running is the wrong approach to cybersecurity. After all, manageability is useless if the hackers of the world can use the same tools to take control of the hardware and the OSs running on it. Let’s prevent hackers from having remote control of our laptops, workstations, and servers, even when they are turned off.