== Security risks ==
[[Mark Shuttleworth]], the founder of the company [[Canonical (company)|Canonical]], which created the [[Ubuntu Linux]] distribution, has described [[Proprietary software|proprietary]] firmware as a security risk, saying that "firmware on your device is the [[NSA]]'s best friend" and calling firmware "a trojan horse of monumental proportions". He has asserted that low-quality, [[closed source]] firmware is a major threat to system security:<ref name="linux-mag-162">{{cite magazine |title=Shuttleworth Calls for Declarative Firmware |magazine=Linux Magazine |issue=162 |date=May 2014 |page=9 }}</ref> "Your biggest mistake is to assume that the NSA is the only institution abusing this position of trust{{snd}} in fact, it's reasonable to assume that all firmware is a cesspool of insecurity, courtesy of incompetence of the highest degree from manufacturers, and competence of the highest degree from a very wide range of such agencies". As a potential solution to this problem, he has called for declarative firmware, which would describe "hardware linkage and dependencies" and "should not include [[executable code]]".<ref>{{cite web|url=http://www.markshuttleworth.com/archives/1332|title=ACPI, firmware and your security|first1=Mark|last1=Shuttleworth|author-link=Mark Shuttleworth|date=March 17, 2014|url-status=live|archive-url=https://web.archive.org/web/20150315054919/http://markshuttleworth.com/archives/1332|archive-date=March 15, 2015}}</ref> Firmware should be [[Open-source software|open-source]] so that the code can be checked and verified.

Custom firmware hacks have also focused on injecting [[malware]] into devices such as smartphones or [[USB device]]s. One such smartphone injection was demonstrated on the [[Symbian OS#Malware|Symbian OS]] at [[MalCon]],<ref>{{cite web |url=http://malcon.org/web/techbrief/malcon-2010-technical-briefings/ |title=MalCon 2010 Technical Briefings |website=Malcon.org |url-status=dead |archive-url=https://web.archive.org/web/20110704040605/http://malcon.org/web/techbrief/malcon-2010-technical-briefings/ |archive-date=2011-07-04 }}</ref><ref>{{cite web|url=http://www.h-online.com/security/news/item/Hacker-plants-back-door-in-Symbian-firmware-1149926.html |archive-url=https://web.archive.org/web/20130521142131/http://www.h-online.com/security/news/item/Hacker-plants-back-door-in-Symbian-firmware-1149926.html|archive-date=21 May 2013|title=Hacker plants back door in Symbian firmware |website=H-online.com |date=2010-12-08 |access-date=2013-06-14}}</ref> a [[hacker convention]]. A USB device firmware hack called [[BadUSB]] was presented at the [[Black Hat Briefings|Black Hat USA 2014]] conference,<ref>{{cite web |url=https://www.wired.com/2014/07/usb-security/ |title=Why the Security of USB Is Fundamentally Broken |website=Wired.com |date=2014-07-31 |access-date=2014-08-04 |url-status=live |archive-url=https://web.archive.org/web/20140803200841/http://www.wired.com/2014/07/usb-security/ |archive-date=2014-08-03 }}</ref> demonstrating how a [[USB flash drive]] microcontroller can be reprogrammed to spoof various other device types to take control of a computer, exfiltrate data, or spy on the user.<ref>{{cite web |url=https://www.blackhat.com/us-14/briefings.html#badusb-on-accessories-that-turn-evil |title=BadUSB - On Accessories that Turn Evil |website=BlackHat.com |access-date=2014-08-06 |url-status=live |archive-url=https://web.archive.org/web/20140808053344/https://www.blackhat.com/us-14/briefings.html#badusb-on-accessories-that-turn-evil |archive-date=2014-08-08 }}</ref><ref>{{cite web |url = https://srlabs.de/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf |title = BadUSB – On accessories that turn evil |date = 2014-08-07 |access-date = 2014-08-23 |author1 = Karsten Nohl |author2 = Sascha Krißler |author3 = Jakob Lell |website = srlabs.de |url-status = live |archive-url = https://web.archive.org/web/20161019034729/https://srlabs.de/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf |archive-date = 2016-10-19 }}</ref> Other security researchers have worked further on how to exploit the principles behind BadUSB,<ref>{{cite web|url=http://hackingpost.com/badusb-malware-infect-millions-of-usb/|title=BadUSB Malware Released – Infect millions of USB Drives|website=The Hacking Post|access-date=7 October 2014|url-status=unfit|archive-url=https://web.archive.org/web/20141006121457/http://hackingpost.com/badusb-malware-infect-millions-of-usb/|archive-date=6 October 2014}}</ref> releasing at the same time the source code of hacking tools that can be used to modify the behavior of different USB devices.<ref>{{cite magazine|url=https://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/|title=The Unpatchable Malware That Infects USBs Is Now on the Loose|magazine=WIRED|access-date=7 October 2014|url-status=live|archive-url=https://web.archive.org/web/20141007092141/http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/|archive-date=7 October 2014|last1=Greenberg|first1=Andy}}</ref>
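
A host-side check for the device-type spoofing described above can compare the interface classes a USB device reports each time it is enumerated. The following is an added example, not taken from the cited sources; the event format, device IDs and serials are constructed, and the class codes (08 mass storage, 03 HID, 02 communications, E0 wireless controller as used by RNDIS network adapters) are the standard USB-IF values.

```python
# Added example: flag USB enumerations consistent with BadUSB-style spoofing.
from dataclasses import dataclass

MASS_STORAGE = 0x08
HID = 0x03               # keyboards and mice
CDC_COMM = 0x02          # communications class, also used by network adapters
WIRELESS = 0xE0          # RNDIS network adapters enumerate as E0/01/03
INPUT_OR_NETWORK = {HID, CDC_COMM, WIRELESS}

# Constructed enumeration records (not real devices), one per plug-in:
# "<time> <vid:pid> <serial> <class/subclass/protocol>[,...]"
SAMPLE_EVENTS = """\
09:00:01 1111:2222 SER-A 08/06/50
09:05:12 3333:4444 SER-B 03/01/01
13:40:07 1111:2222 SER-A 08/06/50,03/01/01
14:02:30 5555:6666 SER-C 08/06/50,e0/01/03
"""

@dataclass(frozen=True)
class Finding:
    time: str
    device: str
    reason: str

def parse_event(line):
    time, vidpid, serial, ifaces = line.split()
    classes = frozenset(int(i.split("/")[0], 16) for i in ifaces.split(","))
    return time, f"{vidpid}/{serial}", classes

def fmt(classes):
    return ",".join(f"{c:02x}" for c in sorted(classes))

def find_suspicious(events_text):
    baseline = {}    # device identity -> interface classes at first sighting
    findings = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        time, device, classes = parse_event(line)
        # A storage device that also claims to be an input or network device.
        extra = classes & INPUT_OR_NETWORK
        if MASS_STORAGE in classes and extra:
            findings.append(Finding(time, device, "storage+" + fmt(extra)))
        # The same device identity now exposes classes it did not have before.
        added = classes - baseline.setdefault(device, classes)
        if added:
            findings.append(Finding(time, device, "new-class:" + fmt(added)))
    return findings
```

Legitimate composite devices exist, so a finding is a prompt for review rather than a verdict, and a reprogrammed device that only ever presents itself as a keyboard has no baseline to differ from.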