Firmware is a specific type of software that every electronic device requires. It serves as the foundation for a device to operate. When you turn on your device, firmware is the code that controls essential functions like starting up, turning on the screen, and connecting to other devices. Without firmware, your device wouldn’t work. To ensure its security, firmware is stored in secure, nonvolatile memory. Messing with firmware can render a device useless.
If you’ve ever accessed the BIOS (Basic Input/Output System) or the newer UEFI (Unified Extensible Firmware Interface) on your computer to change settings or reboot, you’ve interacted with a part of the firmware. Even your Android phone relies on firmware to function. It tells your phone how to boot up, turn on the display, and check if components like the camera and speakers are operational. In this way, firmware is essential for ensuring that different parts of your Android phone work together seamlessly.
While firmware might seem similar to the operating system (OS) that lets you control your devices, they serve different purposes. Firmware operates at a lower level than the OS and interacts directly with hardware. After firmware starts up and connects the hardware, it hands over control to the OS. So, when you see your device’s login screen, the firmware has already done its job.
Drivers, on the other hand, are specialized software that control specific hardware components and connect them to the OS. While drivers may occasionally be referred to as firmware, they’re usually considered part of the OS. They are easier for users to check, replace, or update when needed.
Firmware is typically stored in protected memory, and it’s often read-only, meaning it’s not designed for frequent changes. Trying to modify firmware can result in a bricked device (a device that no longer functions). However, firmware does get updates to fix bugs or improve performance. Updates may help firmware establish more reliable connections with external devices or add new features for users.
Firmware is typically harder for attackers to access with malware or other hacking attempts. Numerous security measures separate typical OS functions from firmware. However, when a vulnerability in firmware is exploited, it can lead to severe consequences. Attackers may gain direct access to hardware control, disable core security features, brick systems, or access sensitive data that’s otherwise protected.
While firmware vulnerabilities and attacks are relatively rare, the risk increases as our devices become more complex. One significant risk is remote server or device management, which can include remote access to firmware. This is known as RCE or Remote Code Execution and can lead to unauthorized access to firmware.
For simpler devices, firmware engineers need specific training. These certified firmware engineers must understand hardware architecture, the functions required for the device, and the specific types of code supported by manufacturers. Their skills often overlap with electrical engineers, and they are sometimes called “embedded engineers.”
