Firmware Updates: The Overlooked Security Layer You Need to Address

Firmware vulnerabilities can bypass all software protections. Learn what firmware is, why updates matter, and how to keep firmware current.

What Firmware Is and Why It Is Different

Firmware is the low-level software permanently programmed into the hardware of a device. It sits between the physical hardware and the operating system, controlling how the hardware initializes, operates, and communicates. Unlike regular software that runs on top of an operating system, firmware runs before the operating system even loads.

Every electronic device contains firmware: your computer's BIOS or UEFI, your router, your printer, your webcam, your smart TV, your wireless keyboard, and even your SSD and hard drive. Each of these devices has a small computer within it running firmware that controls its behavior.

The critical difference between firmware and regular software is its position in the computing stack. Operating system security features, antivirus software, and firewalls all run at a higher level than firmware. A malicious modification to firmware operates below all of these protections, making it invisible to conventional security tools and extraordinarily difficult to detect or remove.

Why Firmware Attacks Are Dangerous

Firmware attacks represent one of the most serious categories of cybersecurity threats because of three unique characteristics: persistence, invisibility, and privilege.

Persistence Below the Operating System

When malware infects firmware, it survives actions that would eliminate any software-level threat. Reinstalling the operating system does not remove firmware malware. Formatting the hard drive does not remove it. Even replacing the hard drive does not remove firmware malware if it resides in the motherboard's UEFI. The malware persists in the hardware itself, reinfecting any operating system installed on the device.

This persistence makes firmware compromises particularly valuable to advanced attackers. Nation-state threat actors have developed firmware implants that maintain access to target systems for years, surviving multiple operating system reinstallations and security audits.

Invisibility to Security Tools

Because firmware runs below the operating system, conventional security software cannot inspect it effectively. An antivirus program running within the operating system has no visibility into the code executing in the UEFI firmware, the network card's firmware, or the hard drive controller's firmware. The malware operates in a blind spot that most security architectures do not address.

Maximum Privilege

Firmware executes with the highest possible privilege level. Code running in UEFI firmware has unrestricted access to all hardware, all memory, and can modify any aspect of the system's behavior. A firmware compromise gives the attacker more control than even a root-level operating system compromise.

Devices With Firmware You Should Update

Routers and Modems

Your router is arguably the most important device to keep updated because it controls all network traffic entering and leaving your home. Router firmware vulnerabilities have been exploited in massive botnet campaigns, DNS hijacking attacks, and traffic interception operations. Check your router manufacturer's website monthly for firmware updates. Many modern routers support automatic firmware updates, which should be enabled if available.

Log into your router's administration interface and check the current firmware version against the latest version available on the manufacturer's support page. Use a strong, unique password for your router's admin interface, as default credentials are one of the most common attack vectors.

Printers and Scanners

Network printers are frequently overlooked in security assessments, yet they run complex firmware with web servers, email clients, and file sharing capabilities. Compromised printer firmware can intercept every document that passes through the device, serve as a pivot point for network attacks, and exfiltrate data. Enterprise printer manufacturers like HP, Canon, and Xerox regularly release firmware updates that address security vulnerabilities.

Computer BIOS and UEFI

Your computer's BIOS or UEFI firmware initializes hardware, runs self-tests, and loads the operating system. UEFI vulnerabilities like LogoFAIL (2023) demonstrated that attackers could compromise systems during the boot process by exploiting how UEFI firmware processes boot logos. Motherboard manufacturers (Dell, Lenovo, HP, ASUS, etc.) release UEFI updates that address security vulnerabilities, improve stability, and add support for new hardware.

Storage Device Firmware

Hard drives and SSDs run their own firmware that controls data storage, wear leveling, encryption, and communication with the host system. While storage firmware updates are less frequent, they do occur, particularly when security vulnerabilities are discovered. Check your storage manufacturer's support page for available firmware updates.

Peripheral Devices

Webcams, wireless mice and keyboards, USB hubs, and docking stations all contain firmware. Logitech has issued firmware updates for wireless receivers after security researchers discovered vulnerabilities that allowed keystroke injection from across a room. Even seemingly simple devices can harbor significant security risks in their firmware.

How to Check for Firmware Updates

Computers: On Windows, tools like Dell SupportAssist, Lenovo Vantage, or HP Support Assistant automatically check for BIOS and firmware updates. On Linux, the fwupd project provides a unified interface for firmware updates across many vendors. Check the manufacturer's support page for your specific model.

Routers: Log into your router's web interface and look for a firmware update section, usually under Administration or System settings. Compare the installed version against the latest available on the manufacturer's website. Consider setting a monthly calendar reminder to check.

Other devices: Visit the manufacturer's support website for each device and search for your model number. Download firmware updates only from official manufacturer sources, never from third-party sites. Verify the integrity of downloaded firmware files using their published checksums with a hash verification tool when available.
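The checksum verification step above, as an added example that is not part of the original article. It assumes the vendor publishes SHA-256 values in either the GNU or the BSD list format; the function names are hypothetical.

```python
import hashlib
import hmac
import re
from pathlib import Path

# Checksum-list formats handled (which one a given vendor uses is an assumption):
#   GNU/coreutils:  "<hex>  firmware.bin"  or  "<hex> *firmware.bin"
#   BSD style:      "SHA256 (firmware.bin) = <hex>"
GNU_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")
BSD_LINE = re.compile(r"^SHA256\s*\((.+)\)\s*=\s*([0-9a-fA-F]{64})$")


def parse_checksums(text):
    """Return {file name: lowercase SHA-256 hex} from a published checksum list."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := GNU_LINE.match(line):
            digest, name = m.group(1), m.group(2)
        elif m := BSD_LINE.match(line):
            name, digest = m.group(1), m.group(2)
        else:
            continue  # other algorithms or free text: not usable here
        entries[Path(name.strip()).name] = digest.lower()
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash the image in chunks so large firmware files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            h.update(chunk)
    return h.hexdigest()


def verify_firmware(image_path, checksum_text):
    """Return (ok, reason). Fails closed when the file has no published entry."""
    expected = parse_checksums(checksum_text).get(Path(image_path).name)
    if expected is None:
        return False, "no published checksum for this file name"
    actual = sha256_file(image_path)
    if hmac.compare_digest(actual, expected):
        return True, "checksum matches"
    return False, f"mismatch: expected {expected}, got {actual}"
```

A checksum published alongside the download catches corruption and a swapped file on a mirror; where the vendor also signs its firmware, check the signature too.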

Secure Boot and UEFI Security

Secure Boot is a UEFI feature that ensures only digitally signed and trusted software can run during the boot process. When enabled, the system verifies the digital signature of the bootloader and operating system kernel before executing them. This prevents boot-level malware (bootkits) from loading before the operating system's security features activate.

To verify that Secure Boot is enabled on Windows, open System Information (msinfo32) and check the "Secure Boot State" field. On Linux, run mokutil --sb-state in a terminal. If Secure Boot is disabled, enable it in your UEFI settings, accessible by pressing a manufacturer-specific key during startup (commonly F2, F12, or Delete).

Modern UEFI firmware also supports Trusted Platform Module (TPM) integration, which provides hardware-based secure storage for encryption keys and enables measured boot, where every component loaded during startup is cryptographically measured and verified. Windows 11 requires TPM 2.0, making these security features more widespread.

Building a Firmware Update Routine

Firmware updates deserve the same attention as operating system and application updates. Create an inventory of all devices with firmware in your home or organization. Set quarterly reminders to check for updates on devices that do not support automatic updating. Prioritize internet-facing devices like routers, followed by computers and then peripheral devices. The effort required is minimal, but the protection it provides closes a security gap that most people never think to address.
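One way to turn this routine into a repeatable check, as an added example that is not part of the original article. The inventory columns, device names and dates are constructed; the monthly router interval and the quarterly interval for everything else follow the schedule described in the text.

```python
import csv
import io
from datetime import date

# Priority order from the article: routers first, then computers, then peripherals.
PRIORITY = {"router": 0, "computer": 1, "peripheral": 2}
# Manual check intervals in days: monthly for routers, quarterly otherwise.
INTERVAL = {"router": 30, "computer": 90, "peripheral": 90}

# Constructed sample inventory (illustrative names and dates only).
SAMPLE_INVENTORY = """name,class,auto_update,last_checked
usb-dock,peripheral,no,2024-01-10
home-router,router,no,2024-05-01
office-laptop,computer,yes,2023-11-20
nas-box,computer,no,2024-02-15
wifi-printer,peripheral,no,
isp-modem,router,no,2024-06-10
"""


def due_for_check(inventory_csv, today):
    """Return [(name, class, days_overdue)] for devices that need a manual check.

    days_overdue is None for a device that has never been checked.
    """
    due = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        cls = row["class"].strip().lower()
        if cls not in PRIORITY:
            raise ValueError(f"unknown device class: {cls!r}")
        if row["auto_update"].strip().lower() == "yes":
            continue  # device updates itself, no reminder needed
        last = row["last_checked"].strip()
        if not last:
            overdue = None  # never checked: always due
        else:
            overdue = (today - date.fromisoformat(last)).days - INTERVAL[cls]
            if overdue < 0:
                continue  # still inside its check interval
        due.append((row["name"], cls, overdue))
    # Class priority first, then never-checked devices, then the most overdue.
    due.sort(key=lambda d: (PRIORITY[d[1]], d[2] is not None, -(d[2] or 0)))
    return due


if __name__ == "__main__":
    for name, cls, overdue in due_for_check(SAMPLE_INVENTORY, date(2024, 6, 20)):
        print(f"{cls:<10} {name:<14} {'never checked' if overdue is None else overdue}")
```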

Written by Raimundo Coelho

Cybersecurity specialist and technology professor with over 20 years of experience in IT. Graduated from Universidade Estácio de Sá. Writing practical guides to help you protect your data and stay safe in the digital world.
