Eclypsium is one of a handful of companies developing technology to look for malicious modifications to the firmware inside companies’ data centers. ReFirm Labs Inc. in Fulton, Md.—whose founders worked at the NSA—has teamed with software developers to monitor the firmware they’re building or using from third parties to ensure that malicious code isn’t added in the early phases of development. Apple Inc. bought LegbaCore, a forensics startup from the Washington, D.C., area that specialized in firmware, in November 2015.
One obvious potential client: the U.S. government. Last month the FBI and the Department of Homeland Security warned that since at least 2015, hackers working for the Russian government have exploited large numbers of network routers and switches—including home equipment—in part by modifying their firmware to establish a permanent presence on the afflicted machines. The goal was to route traffic through Russian government-controlled servers and copy it for espionage purposes, the agencies said.
Bulygin doesn’t know whether hackers have already tried to use the techniques he discovered to infiltrate computers, because this new class of hardware attack is virtually undetectable. Software hacks can usually be removed with a security update, but malicious code that makes its way into firmware can persist indefinitely: firmware lives in the device’s own flash memory, beneath the operating system, so it survives a reinstall of the OS or a wipe of the disk, and finding an implant means reading the flash back and comparing it with a known-good image. “It’s a blind spot with a huge attack surface,” Bulygin says, “which is obviously not a good combination.”