[PLUG] Spyware in hard drive firmware - a reality for 10+ years

Russell Senior russell at personaltelco.net
Tue Feb 17 17:28:37 UTC 2015


>>>>> "Michael" == Michael Rasmussen <michael at jamhome.us> writes:

Michael> Or so reports Kaspersky.
Michael> http://www.thestar.com/business/2015/02/17/us-can-permanently-spy-on-sabotage-foreign-computers-kaspersky-lab-report-says.html

One thing the articles about this problem keep saying and which doesn't
make complete sense is that "this infection is immune to removal".
There is a method to get the infection into spare sectors and into
firmware, which seems to me to mean that there *is* a way to see those
raw sectors and/or firmware in such a way as to a) see what's there;
and b) remodify the firmware.

It might be that if you are dependent on the firmware to inspect or
replace the firmware, then the infected firmware could just lie to you
in order to hide itself.  In which case, these devices really need to
have some offline way of inspecting their flash sufficient to generate
dumps and checksums to verify they are running what you think they are
running.

What tools currently exist on linux to inspect the hard disk firmware?
I recall updating some hard disk firmware (several years ago), but
perhaps using a vendor supplied freedos-based software kit.


-- 
Russell Senior, President
russell at personaltelco.net
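The post argues that a drive's flash should be dumped and checksummed offline, without relying on the possibly lying firmware. As an added example that is not part of the mailing-list thread, the Python below shows the verification half of that idea: it hashes an out-of-band dump, compares it to a known-good reference image, and reports which sectors differ. It assumes the raw images are already in hand (the thread names no dump tool), and the sample images are constructed here purely for illustration.

```python
# Added example (not from the mailing-list post): verify an out-of-band firmware
# dump against a known-good reference image, and locate modified regions.
# Assumptions: the images are raw byte strings already obtained offline; the
# sample images below are constructed for illustration.
import hashlib
from typing import List, Optional, Tuple

BLOCK = 512  # report differences at sector granularity (512-byte blocks)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a firmware image."""
    return hashlib.sha256(data).hexdigest()


def diff_regions(reference: bytes, observed: bytes, block: int = BLOCK) -> List[Tuple[int, int]]:
    """Return (offset, length) ranges, merged across adjacent blocks, where the
    observed image differs from the reference. A length mismatch shows up as a
    trailing region covering the longer image's extra bytes."""
    regions: List[Tuple[int, int]] = []
    longest = max(len(reference), len(observed))
    start: Optional[int] = None
    for off in range(0, longest, block):
        ref_blk = reference[off:off + block]
        obs_blk = observed[off:off + block]
        if ref_blk != obs_blk:
            if start is None:
                start = off
        elif start is not None:
            regions.append((start, off - start))
            start = None
    if start is not None:
        regions.append((start, longest - start))
    return regions


def verify_dump(reference: bytes, observed: bytes, expected_sha256: Optional[str] = None) -> dict:
    """Compare an offline flash dump to a reference image.
    If expected_sha256 is given, the reference itself is checked against it
    first, so a tampered 'golden' image is caught as well."""
    ref_hash = sha256_hex(reference)
    obs_hash = sha256_hex(observed)
    reference_ok = expected_sha256 is None or ref_hash == expected_sha256
    return {
        "reference_ok": reference_ok,
        "match": reference_ok and ref_hash == obs_hash,
        "reference_sha256": ref_hash,
        "observed_sha256": obs_hash,
        "modified_regions": diff_regions(reference, observed),
    }


# Constructed sample images: 16 sectors of patterned bytes, with sectors 5 and 6
# overwritten in the "observed" dump to stand in for an unexpected change.
REFERENCE_IMAGE = bytes(range(256)) * (16 * BLOCK // 256)
_tampered = bytearray(REFERENCE_IMAGE)
_tampered[5 * BLOCK:7 * BLOCK] = b"\xAA" * (2 * BLOCK)
OBSERVED_IMAGE = bytes(_tampered)


def demo() -> dict:
    """Run the comparison on the constructed images."""
    return verify_dump(REFERENCE_IMAGE, OBSERVED_IMAGE, sha256_hex(REFERENCE_IMAGE))


if __name__ == "__main__":
    result = demo()
    print("match:", result["match"])
    for off, length in result["modified_regions"]:
        print(f"modified region at offset 0x{off:x}, {length} bytes")
```

The reference hash check matters because the comparison is only as trustworthy as the golden image; keep that hash somewhere the drive under test cannot influence. Sector-granularity reporting keeps the output readable on a multi-megabyte dump while still pointing at the exact area to inspect.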


