Wednesday, November 9, 2011

Firmware and Bad Ideas

Geoff and Brian came across a strange situation last Thursday and called me over for a look. They were working on building a machine, and were experiencing a very Hallowe'enish phenomenon: a ghost disc.

They had installed an apparently working LG DVD drive into the machine, but every time they closed it without a disc inserted, a phantom disc called "Bluebirds" would show up on the desktop.

At first I thought it might be a PEBKAC -- a friend one listened in embarrassed confusion to most of a Frank Zappa album not realizing that she'd accidentally stuck two discs into the player at once. But to give Geoff and Brian some credit, it was nothing of the sort.

I looked at the ghost disc's contents and found an installer for some kind of Windows program. I used the "strings" utility (built into pretty much any Linux system) to look for English-like text in the executable and found an End User License Agreement (EULA) from LG, the manufacturer of the drive. This, and a little googling, turned up a bit of a story.

Apparently LG had a brainstorm: rather than shipping the drive with a disc containing the support software, why not build the software right into the drive? The user would buy the drive, take it home, install it, and presto, the system would immediately ask them to install the included software.

Brainstorm or brain fart? I tend towards the latter. First of all, it's a freaking DVD drive -- of any piece of hardware you might want to ship a disc with, this would be one. Maybe with the narrow confines of LG's average user demographic, it's OK -- but what about when the new version of Windows comes out and it's no longer compatible? What about Ubuntu users? What about people who just don't want to use LG's software because they prefer something else? Without intervention, those users will be pestered every time they close the drive.

There's not much information about this online, but LG seems to have conceded their mistake and released a firmware update that removes the feature.

About Firmware

So what is firmware? You could read the obligatory Wikipedia link, but as the name suggests, it's something partway between software and hardware. Technically speaking it's software, but it's working so close to the hardware -- and may in fact pretend to be hardware -- that it's distinguished from what we usually think of as software (like Firefox or OpenOffice).

One common example that you may run into, particularly if you're in the Free Geek Build program, is wireless firmware. Wi-fi adapters are complicated beasts and often cheaply made -- clearly a winning combination. Most manufacturers make these devices so that when they're attached to a computer, they're empty vessels -- when it finds one attached, the computer "pours" the instructions for what a wireless card is and what it does into the device and then begins using it. The firmware is what's poured in. To use another metaphor, firmware is the piece of paper you stick in the golem's mouth.

There are motivations for this that are both good and bad. On the positive side, it means that bugs in the wireless device can often be fixed with a firmware update rather than a physical replacement. On the negative side, it allows manufacturers to get a little lazy with their testing and quality control -- "don't worry, we'll just fix it with a firmware update."

This approach is used in more places than you might think.

The earliest home computers generally ran one level of firmware -- the BIOS -- and the software used the BIOS to talk to the hardware. The first PCs had a few more bits and pieces of firmware: there was a video BIOS, probably more firmware running on the hard disk controller, and more on the hard disk itself to take care of things like caching for higher performance. These were firmware, but in those days, they hadn't figured out how to make the kind that can be re-programmed on the fly from the computer -- in those days it was stored in ROM (Read Only Memory) chips, and an update required you to pull the chip and replace it with a newer one. (Or, if you had an ultraviolet light and a PROM programmer, you could write your own.) Some computers could even be hot-rodded with third-party ROMs. (Nowadays you can do this with cars.)

Today firmware is everywhere. Everything with a USB jack, every mouse, even the tiniest gadget has a piece of firmware or three. Inside a tower case every piece of electronics has its own firmware -- even some power supplies.

Firmware and Viruses

When I first ruled out a PEBKAC, my second thought was that maybe the DVD drive had some kind of firmware virus. If true, this would be particularly insidious because it would fly under the radar -- even if someone replaced the hard drive with a clean one, the last resort of virus removal, the virus would still be lurking in the DVD drive.

As far as I know, there are no firmware viruses circulating on home computers. The closest I'm aware of is the old CIH virus, which would trash some computers by flashing part of the BIOS with junk. To fix this you'd have to pop the BIOS chip and replace it with a good one. Most people who are asking questions about firmware viruses online tend to latch onto the idea because they're otherwise at the end of their rope trying to debug a problem.

The reason firmware viruses aren't apparently in circulation is that they're so hardware-specific -- the nature of firmware is that it's mated to a specific piece of hardware. A typical virus might be able to attack any Windows machine running a particular version of Internet Explorer (to pick a Completely Arbitrary Example) -- but a firmware virus would have to somehow get itself onto a specific model of one manufacturer's hardware. There are better targets.

...right?

There are plenty of tin foil hat types who are concerned that foreign governments might be building surveillance software into hardware. And maybe they're right.

But if you really want to get terrified, read this.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.