Abstract
The development and evolution of firmware in today's computers has reached a stage where the firmware may be successfully attacked in some situations, and such attacks include installing additional code and spyware on it. Meanwhile, there is no comprehensive method for notifying the user or server administrator of this type of attack. In this paper we introduce a workaround that detects such attacks on almost all systems based on the x86 architecture, relying on the structure of the SPI flash provided for them and on the idea of the FWH from its first generation to today's designs. To test this solution and make it more accessible to researchers and enthusiasts, we have also produced sample code for the method, which can be used on real systems and has been placed on GitHub. The method, called BIOSIC, evaluates the correctness of the firmware's executable code based on OEM version comparisons, SPI hardware specifications, and characteristics of the firmware status control. Compared to other methods, it has the advantage of recognizing all firmware changes, including unknown spyware attacks and unsuccessful spyware attacks, and it provides a possibility of preventing them.