Most people are familiar with firmware on a very basic level given that they are often prompted to download firmware updates on computing devices such as smartphones, laptops, printers and routers. Yet many are oblivious to the potential security risks that firmware can bring. To address this, Google’s malware scanning service VirusTotal can now help users identify harmful firmware.
Firmware, the underlying software that controls and monitors how a device works, was once described by Ubuntu Linux founder Mark Shuttleworth as “a cesspool of insecurity” and any device that runs firmware code gives spying agencies an easy way in.
On top of that, there have been known attacks that involve using firmware to load malware onto smartphones, USBs and even BB-8 Sphero toys.
To help users identify whether the firmware they have downloaded for their device is legitimate, Google’s VirusTotal, a free online service that lets users submit files and URLs to be analysed for all kinds of malware, can now scan firmware files. Now when you are required to install a firmware on your device, you can download it first and run it through VirusTotal to see if it is dodgy.
You can find out more of the technical information on how VirusTotal’s new firmware scanning functionality works over on the company’s blog post.